Crypto Custody Firm Copper Alerted to Security ‘Incident’ Over Christmas

Copper said some “concerning behavior” had been detected, and that a “machine-generated alert had been triggered.”

AccessTimeIconFeb 1, 2023 at 9:55 p.m. UTC
Updated May 9, 2023 at 4:07 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Cryptocurrency custody provider Copper was alerted to a security issue over the Christmas period in December involving the company’s GitHub repository, which contains a blueprint for how the firm secures customers’ assets.

Copper is one of the leading crypto custody providers, securing billions of dollars in digital assets using clever key sharding technology called multi-party computation (MPC), and working with well-known firms such as State Street.

  • Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
    00:59
    Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
  • Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
    09:43
    Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
  • Breaking Down the State of Hacking in 2024
    02:01
    Breaking Down the State of Hacking in 2024
  • Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs
    00:59
    Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs
  • "No clients were compromised," Copper said in a statement to CoinDesk.

    Copper said one of its vendors had “detected some concerning behavior in their development environment,” and that a “machine-generated alert had been triggered.”

    “The subsequent investigation determined that Copper hadn’t suffered any breach or business interruption and that no client information had been compromised,” Copper said in a statement. “The incident was not of a nature that required disclosure with applicable law or regulations, operations continued to run smoothly and caused no further concern to the company.”

    Slack, the popular professional messaging platform, also suffered a security incident over the year-end holidays affecting some of its private GitHub code repositories.

    Despite Copper’s claims that no breach of its code had taken place, two people with knowledge of the situation told CoinDesk the firm’s codebase had been breached and copied.

    “There was a serious breach late last year, where one of the developer’s accounts was compromised. That meant the entire code base was made vulnerable and downloaded,” said one of the people. “In practice it exposes the intricacies and workings of the entire platform to a group of malicious actors.”

    Former U.K. Chancellor of the Exchequer Philip Hammond, who was recently named chairman of Copper, said in an interview that the firm is close to finalizing a funding round.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Ian Allison

    Ian Allison is an award-winning senior reporter at CoinDesk. He holds ETH.

    Author placeholder image

    Will Canny is CoinDesk's finance reporter.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.