Crypto Custody Firm Copper Alerted to Security ‘Incident’ Over Christmas
Copper said some “concerning behavior” had been detected, and that a “machine-generated alert had been triggered.”
Cryptocurrency custody provider Copper was alerted to a security issue over the Christmas period in December involving the company’s GitHub repository, which contains a blueprint for how the firm secures customers’ assets.
Copper is one of the leading crypto custody providers, securing billions of dollars in digital assets using clever key sharding technology called multi-party computation (MPC), and working with well-known firms such as State Street.
"No clients were compromised," Copper said in a statement to CoinDesk.
Copper said one of its vendors had “detected some concerning behavior in their development environment,” and that a “machine-generated alert had been triggered.”
“The subsequent investigation determined that Copper hadn’t suffered any breach or business interruption and that no client information had been compromised,” Copper said in a statement. “The incident was not of a nature that required disclosure with applicable law or regulations, operations continued to run smoothly and caused no further concern to the company.”
Slack, the popular professional messaging platform, also suffered a security incident over the year-end holidays affecting some of its private GitHub code repositories.
Despite Copper’s claims that no breach of its code had taken place, two people with knowledge of the situation told CoinDesk the firm’s codebase had been breached and copied.
“There was a serious breach late last year, where one of the developer’s accounts was compromised. That meant the entire code base was made vulnerable and downloaded,” said one of the people. “In practice it exposes the intricacies and workings of the entire platform to a group of malicious actors.”
Former U.K. Chancellor of the Exchequer Philip Hammond, who was recently named chairman of Copper, said in an interview that the firm is close to finalizing a funding round.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.