“The security team did an audit and contacted us. We then focused on fixing most of the points they disclosed one by one. They are now helping us to improve our process for security related disclosure,” BTCPay founder Nicolas Dorier told CoinDesk. The BTCPay team wrote in its GitHub post that more information on the bug would be disclosed in BTCPay’s next major release.
“We want to thank @teslamotors for filing a responsible disclosure, helping us with remediation, and handling the situation professionally. We also want to thank Qaiser Abbas, an independent web-security researcher, for an additional responsible vulnerability disclosure that was handled in this release,” BTCPay’s team wrote in the software release fixing the bug.
BTCPay Server was launched in 2017 by Bitcoin developer Nicola Dorier in response to popular Bitcoin payment processor BitPay’s controversial statements regarding the 2016 SegWit soft fork. Since launching, BTCPay has been integrated as a donations portal for charitable efforts around the world, including Nigeria and Venezuela.