{"id":41529,"date":"2018-11-28T12:02:00","date_gmt":"2018-11-28T12:02:00","guid":{"rendered":"https:\/\/nl.cryptonews.com\/?p=41529"},"modified":"2023-06-26T11:17:45","modified_gmt":"2023-06-26T11:17:45","slug":"kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600","status":"publish","type":"post","link":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/","title":{"rendered":"Kwetsbaarheid van Bitcoin-wallet ontdekt"},"content":{"rendered":"<p>Een module genaamd event-stream, gebruikt in miljoenen webapplicaties maar met name in <b>BitPay&#8217;s open\/source Bitcoin-portemonnee Copay<\/b> is naar verluidt in gevaar gebracht, waardoor mogelijk ook andere portefeuilles kwetsbaar zijn.<\/p><figure><img decoding=\"async\" src=\"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg\" sizes=\"(min-width: 640px) 720px, 100vw\" srcset=\"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg 300w, https:\/\/cimg.co\/w\/articles-attachments\/2\/5bf\/d380458867.jpg 600w, https:\/\/cimg.co\/w\/articles-attachments\/3\/5bf\/d380458867.jpg 720w, https:\/\/cimg.co\/w\/articles-attachments\/4\/5bf\/d380458867.jpg 900w, https:\/\/cimg.co\/w\/articles-attachments\/0\/5bf\/d380458867.jpg 1254w\" alt=\"\" class=\"content-img\"><figcaption>Bron: iStock\/NicoElNino<\/figcaption><\/figure><p>BitPay publiceerde een advies waarin Copay-versies 5.0.2 tot en met 5.1.0 werden be\u00efnvloed door de kwaadwillige code en dat gebruikers met deze ge\u00efnstalleerde versies de app niet moesten uitvoeren of openen totdat ze Copay-versie 5.2.0 installeerden.<\/p><p><i>\u201cOur team is continuing to investigate this issue and the extent of the vulnerability,\u201d<\/i> staat er in het officiele bericht. <i>\u201cCurrently, we have only confirmed that the malicious code was deployed on versions 5.0.2 through 5.1.0 of our Copay and BitPay apps. However, the BitPay app was not vulnerable to the malicious code. We are still investigating whether this code vulnerability was ever exploited against Copay users.\u201d<\/i><\/p><p>Copay, de getroffen portemonnee, heeft meer dan 100.000 downloads van Android, terwijl het aantal gebruikers van andere platforms zoals iOS of Windows onbekend is. Andere portefeuilles die deze module gebruiken, kunnen ook worden be\u00efnvloed, maar vanaf het moment van schrijven is geen van hen naar voren gekomen.<\/p><p>Het probleem komt voort uit een GitHub-gebruiker die zich vrijwillig aanbiedt om de betreffende bibliotheek over te nemen, malware te injecteren en op te starten om detectie te voorkomen.<\/p><p>De gebruiker, alleen bekend als &quot;right9ctrl&quot;, nam het onderhoud van de module over van de oorspronkelijke maker, ontwikkelaar Dominic Tarr, die zei dat hij de opslagplaats niet in jaren had onderhouden. Kortom, de ontwikkelaar heeft de module bijgewerkt met malware en vervolgens verborgen voor het zicht, maar de vele mensen die het al hadden ge\u00efnstalleerd, blijven getroffen. Bekende ontwikkelaar Jameson Lopp legde uit:<\/p><blockquote class=\"twitter-tweet\" data-lang=\"en\"><p lang=\"en\" dir=\"ltr\">The npm &quot;event-stream&quot; repository has been compromised; if you are using it in a project along with &quot;copay-dash&quot; then the malware will steal any private keys it can find. <a href=\"https:\/\/t.co\/fAnH6ik1n9\">https:\/\/t.co\/fAnH6ik1n9<\/a><\/p>&mdash; Jameson Lopp (@lopp) <a href=\"https:\/\/twitter.com\/lopp\/status\/1067129907501826048?ref_src=twsrc%5Etfw\">November 26, 2018<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><p>___<br>\nJackson Palmer, een Australische ondernemer en technoloog bekendst voor het cre\u00ebren van de beruchte succesvolle &quot;grap&quot; cryptocurrency <a href=\"https:\/\/cryptonews.com\/coins\/dogecoin\/\">Dogecoin <\/a>, voegde er aan toe:<\/p><blockquote class=\"twitter-tweet\" data-lang=\"en\"><p lang=\"en\" dir=\"ltr\">This is one of the major issues with JavaScript-based cryptocurrency wallets with heavy up-stream dependencies coming from NPM. <a href=\"https:\/\/twitter.com\/BitPay?ref_src=twsrc%5Etfw\">@BitPay<\/a> essentially trusted all the up-stream developers to never inject malicious code into their wallet.<a href=\"https:\/\/twitter.com\/dominictarr?ref_src=twsrc%5Etfw\">@dominictarr<\/a> also let the attacker in, sadly<\/p>&mdash; Jackson Palmer (@ummjackson) <a href=\"https:\/\/twitter.com\/ummjackson\/status\/1067132600739721216?ref_src=twsrc%5Etfw\">November 26, 2018<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><p>Event-stream wordt ongeveer twee miljoen keer per week gedownload door applicatieprogrammeurs voor veel verschillende toepassingen. De versie met de malware daarin, Event-Stream v 3.3.6, werd op 9 september gepubliceerd via de Node Package Manager (NPM)-opslagplaats en was sindsdien gedownload door bijna acht miljoen applicatieprogrammeurs.<\/p><p>De schadelijke code zou zogenaamd hebben geprobeerd digitale munten te stelen die zijn opgeslagen in de Dash Copay Bitcoin-portefeuilles &#8211; gedistribueerd via de NPM &#8211; en over te zetten naar een server in Kuala Lumpur. Ambtenaren van NPM hebben de achterdeur verwijderd van NPM&#8217;s lijst op maandag deze week.<\/p>","protected":false},"excerpt":{"rendered":"<p>Een module genaamd event-stream, gebruikt in miljoenen webapplicaties maar met name in BitPay&#8217;s open\/source Bitcoin-portemonnee Copay is naar verluidt in gevaar gebracht, waardoor mogelijk ook andere portefeuilles kwetsbaar zijn.Bron: iStock\/NicoElNinoBitPay publiceerde een advies waarin Copay-versies 5.0.2 tot en met 5.1.0 werden be\u00efnvloed door de kwaadwillige code en dat gebruikers met deze ge\u00efnstalleerde versies de app [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[6,1],"tags":[45,54],"editors":[],"sponsored_companies":[],"class_list":["post-41529","post","type-post","status-publish","format-standard","hentry","category-bitcoin-nieuws","category-news","tag-bitcoin","tag-cryptocurrency"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Kwetsbaarheid van Bitcoin-wallet ontdekt<\/title>\n<meta name=\"description\" content=\"Een module genaamd event-stream, gebruikt in miljoenen webapplicaties maar met name in BitPay&#039;s open\/source Bitcoin-portemonnee Copay is naar verluidt in\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kwetsbaarheid van Bitcoin-wallet ontdekt\" \/>\n<meta property=\"og:description\" content=\"Een module genaamd event-stream, gebruikt in miljoenen webapplicaties maar met name in BitPay&#039;s open\/source Bitcoin-portemonnee Copay is naar verluidt in\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/\" \/>\n<meta property=\"og:site_name\" content=\"Cryptonews Netherland\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-28T12:02:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-26T11:17:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/cimg.co\/news\/23880\/6153\/5bfd3810b16a0.jpg\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kwetsbaarheid van Bitcoin-wallet ontdekt","description":"Een module genaamd event-stream, gebruikt in miljoenen webapplicaties maar met name in BitPay's open\/source Bitcoin-portemonnee Copay is naar verluidt in","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/","og_locale":"nl_NL","og_type":"article","og_title":"Kwetsbaarheid van Bitcoin-wallet ontdekt","og_description":"Een module genaamd event-stream, gebruikt in miljoenen webapplicaties maar met name in BitPay's open\/source Bitcoin-portemonnee Copay is naar verluidt in","og_url":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/","og_site_name":"Cryptonews Netherland","article_published_time":"2018-11-28T12:02:00+00:00","article_modified_time":"2023-06-26T11:17:45+00:00","og_image":[{"url":"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_image":"https:\/\/cimg.co\/news\/23880\/6153\/5bfd3810b16a0.jpg","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/#article","isPartOf":{"@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/"},"author":{"name":"giedrius","@id":"https:\/\/cryptonews.com\/nl\/#\/schema\/person\/5d79e712f570715212460260f4f9cc0f"},"headline":"Kwetsbaarheid van Bitcoin-wallet ontdekt","datePublished":"2018-11-28T12:02:00+00:00","dateModified":"2023-06-26T11:17:45+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/"},"wordCount":488,"publisher":{"@id":"https:\/\/cryptonews.com\/nl\/#organization"},"image":{"@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/#primaryimage"},"thumbnailUrl":"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg","keywords":["Bitcoin","Cryptocurrency"],"articleSection":["Bitcoin nieuws","Nieuws"],"inLanguage":"nl-NL","copyrightYear":"2018","copyrightHolder":{"@id":"https:\/\/cryptonews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/","url":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/","name":"Kwetsbaarheid van Bitcoin-wallet ontdekt","isPartOf":{"@id":"https:\/\/cryptonews.com\/nl\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/#primaryimage"},"image":{"@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/#primaryimage"},"thumbnailUrl":"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg","datePublished":"2018-11-28T12:02:00+00:00","dateModified":"2023-06-26T11:17:45+00:00","description":"Een module genaamd event-stream, gebruikt in miljoenen webapplicaties maar met name in BitPay's open\/source Bitcoin-portemonnee Copay is naar verluidt in","breadcrumb":{"@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/#breadcrumb"},"inLanguage":"nl-NL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/"]}],"author":[]},{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/#primaryimage","url":"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg","contentUrl":"https:\/\/cimg.co\/w\/articles-attachments\/1\/5bf\/d380458867.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/cryptonews.com\/nl\/news\/kwetsbaarheid-van-bitcoin-wallet-ontdekt-2600\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptonews.com\/nl\/"},{"@type":"ListItem","position":2,"name":"Kwetsbaarheid van Bitcoin-wallet ontdekt"}]},{"@type":"WebSite","@id":"https:\/\/cryptonews.com\/nl\/#website","url":"https:\/\/cryptonews.com\/nl\/","name":"Cryptonews","description":"","publisher":{"@id":"https:\/\/cryptonews.com\/nl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptonews.com\/nl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"nl-NL"},{"@type":"Organization","@id":"https:\/\/cryptonews.com\/nl\/#organization","name":"Cryptonews Netherlands","url":"https:\/\/cryptonews.com\/nl\/","logo":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/cryptonews.com\/nl\/#\/schema\/logo\/image\/","url":"https:\/\/cryptonews.com\/wp-content\/uploads\/sites\/7\/2023\/09\/4.jpg","contentUrl":"https:\/\/cryptonews.com\/wp-content\/uploads\/sites\/7\/2023\/09\/4.jpg","width":1669,"height":874,"caption":"Cryptonews Netherlands"},"image":{"@id":"https:\/\/cryptonews.com\/nl\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/posts\/41529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/comments?post=41529"}],"version-history":[{"count":0,"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/posts\/41529\/revisions"}],"wp:attachment":[{"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/media?parent=41529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/categories?post=41529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/tags?post=41529"},{"taxonomy":"editors","embeddable":true,"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/editors?post=41529"},{"taxonomy":"sponsored_companies","embeddable":true,"href":"https:\/\/cryptonews.com\/nl\/wp-json\/wp\/v2\/sponsored_companies?post=41529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}