Copay, a popular cryptocurrency wallet distributed by the payments platform company Bitpay, revealed a severe security breach today, potentially causing the loss of users’ digital assets. The issue was caused by unaudited, malicious code uploaded by hackers in a recently- released update to the app.
Darker, Chief Security Officer for Cobo Wallet, said that the attack is very covert and difficult to prevent. He called for blockchain infrastructure developers, including wallets, to raise awareness of development safety and security.
According to Darker, Cobo already periodically has its software and web assets audited by Cure53, a well-known German cybersecurity team that has also worked with companies like Google.
Cobo also pays equal attention to third-party package management tools such as pip by holding regular development security training and employing automated security scanning tools. The Cobo development team also routinely reviews source code internally, in line with the security development process (security development lifecycle) to maximize the security of Cobo users’ assets.
“At the very least, current Copay wallet users should update their Copay to 5.2.0 or use their desktop version to transfer digital assets,” Darker said. “Alternatively, they could try out a safer solution like Cobo Wallet.”