Risk to user Bitcoin ‘unlikely’ after Tesla spots bugs in BTCPay code

This is a dramatic representation of a security flaw in BTCPay Server, which Tesla helped patch.

Tesla has helped identify a string of vulnerabilities in open-source Bitcoin software BTCPay Server, with users now advised to update their clients as soon as possible.

BTCPay Server recently thanked Tesla’s software security crew for helping patch the bug, which had affected every version of the software to date.

Bitcoin Core and dev project founder Nicolas Dorier told Protos that Tesla’s team found the flaws after running an audit on the software.

Dorier said Tesla found several high to low impact vulnerabilities but “funds are unlikely to be at risk, as there are many conditions to satisfy to be effectively at risk.”

BTCPay Server allows users to operate their own server for processing Bitcoin payments, offering a relatively trustless point-of-sale experience for merchants compared to proprietary processors like BitPay.

Dorier explained the high impact vulnerabilities mostly applied to those who open their servers to other BTCPay users (shared instances), rather than those running private instances.

“I think most people use private instances, though I can’t say for sure as we don’t track,” said Dorier.

Do the BTCPay Server bugs affect you?

If you:

  • Ran a past version of BTCPay Server using the Docker app.
  • Allowed others to register and use your instance.
  • Then you should hurry up and update the software.

While all this suggests Tesla might be using — or looking to use — BTCPay to handle Bitcoin payments, the team noted it doesn’t know for sure whether the electric vehicle giant is really using the software just yet.

In any case, Tesla helping to patch open source Bitcoin platforms does speak to the company’s enthusiasm for the cryptocurrency.

Chief exec Elon Musk announced last week the company accepts Bitcoin for cars and won’t convert any to fiat.

Tesla also bought $1.5 billion worth of Bitcoin earlier this year — now worth $2.58 billion according to Bitcoin Treasuries.

[Read more: Public stocks like Tesla and Square gain $5B on their Bitcoin]

But what did Tesla spot in BTCPay’s code? Unfortunately, for security reasons those details aren’t yet disclosed.

“I can’t say more for now, we will reveal more about the issues in two or three weeks — the time [it takes for] people to update,” said Dorier.

Was this article interesting? Share it