Crypto Custody Firm Copper Alerted to Security ‘Incident’ Over Christmas

Cryptocurrency custody provider Copper was alerted to a security issue over the Christmas period in December involving the company’s GitHub repository, which contains a blueprint for how the firm secures customers’ assets.

Copper is one of the leading crypto custody providers, securing billions of dollars in digital assets using clever key sharding technology called multi-party computation (MPC), and working with well-known firms such as State Street.

"No clients were compromised," Copper said in a statement to CoinDesk.

Copper said one of its vendors had “detected some concerning behavior in their development environment,” and that a “machine-generated alert had been triggered.”

“The subsequent investigation determined that Copper hadn’t suffered any breach or business interruption and that no client information had been compromised,” Copper said in a statement. “The incident was not of a nature that required disclosure with applicable law or regulations, operations continued to run smoothly and caused no further concern to the company.”

Slack, the popular professional messaging platform, also suffered a security incident over the year-end holidays affecting some of its private GitHub code repositories.

Despite Copper’s claims that no breach of its code had taken place, two people with knowledge of the situation told CoinDesk the firm’s codebase had been breached and copied.

“There was a serious breach late last year, where one of the developer’s accounts was compromised. That meant the entire code base was made vulnerable and downloaded,” said one of the people. “In practice it exposes the intricacies and workings of the entire platform to a group of malicious actors.”

Former U.K. Chancellor of the Exchequer Philip Hammond, who was recently named chairman of Copper, said in an interview that the firm is close to finalizing a funding round.