According to Foresight News, the Coin team responded to claims of being infected by the SparkKitty virus, acknowledging that they had integrated a third-party SDK provided by Bitdu exchange. However, they stated that the high-risk functions related to album permissions and image uploads in that SDK had been disabled from the beginning and were never activated or triggered, and user data was not impacted in any way.
According to disclosures regarding Coin, Bitdu plans to acquire Coin in 2023 and requires integration of its SDK for assessing user activity. The Coin technical team discovered suspicious behavior in the SDK during testing, which could induce the activation of album permissions and the uploading of photos. They subsequently comprehensively blocked the upload function through the interface, ensuring that potential risk functions could not operate. Currently, Coin has initiated a full code security review and has committed to upgrading the auditing of third-party SDKs and the background investigation process for partners to prevent similar incidents from occurring again.