Lead processing service BitPay, which allows you to accept payment in cryptocurrency, confirmed the appeared information that the company’s bitcoin wallet Copay vulnerability was discovered.
The vulnerability in question, linked to the modified library Node.jsmalicious code which is able to steal private keys of users. In his blog, the company acknowledges that malicious code has been integrated in version 5.0.2 Copay – 5.1.0 and some applications, but not in the service BitPay.
“We continue to explore whether this vulnerability was ever used against users of Copay,” adds the company.
Users who have installed Copay 5.0.2 – 5.1.0, it is not necessary to run the application. The developers have released a fixed version 5.2.0 Copay and uploaded it to the app stores.
“Users should assume that private keys of the affected wallets can be compromised, so they should immediately move funds to new wallets (5.2.0) – adds the company. Users should not attempt to move funds to new wallets by importing phrase to restore access from vulnerable wallets, because it represents a potentially compromised key. Users should first upgrade the vulnerable wallets (5.0.2 – 5.1.0) and then move all the funds on brand new wallets version 5.2.0, using the “Send Max” to initiate the transfer of all funds.”
.
