Global Bitcoin payment service BitPay has warned customers of a vulnerability on a third-party NodeJS package used by the Copay and BitPay apps which could be used to capture users’ private keys. The company said the malicious code was deployed on versions 5.0.2 through 5.1.0 of its Copay and BitPay apps. BitPay recommended users to move funds to new wallets immediately as private keys are potentially compromised.
BitPay Investigates Whether Code Vulnerability Exploited Copay Users
BitPay is currently investigating the matter as to whether Copay users suffered from any attack purported the malicious code, the company said in a statement.
“Currently, we have only confirmed that the malicious code was deployed on versions 5.0.2 through 5.1.0 of our Copay and BitPay apps. However, the BitPay app was not vulnerable to the malicious code. We are still investigating whether this code vulnerability was ever exploited against Copay users.”
The Bitcoin payment service warned customers not to use any infected Copay versions before running a security update provided by BitPay in the app stores.
“Our team is continuing to investigate this issue and the extent of the vulnerability. In the meantime, if you are using any Copay version from 5.0.2 to 5.1.0, you should not run or open the app. A security update version (5.2.0) has been released and will be available for all Copay and BitPay wallet users in the app stores momentarily.”
Additionally, BitPay recommended users to move
Discussion about this post