BitPay has announced through GitHub that some hacker modified part of its Copay wallet’s software to upload some malicious code into it.
BitPay’s app remains secure
The hacker installed the virus on the wallet’s modifications 5.0.2 up to 5.1.0 of Copay and BitPay’s crypto storage apps. Experts believe this malicious code can be utilized for stealing private keys in order to get hold of customers’ BTC and BCH coins.
BitPay reps assure that the company’s app proved to be not vulnerable to the hackers’ attempts to compromise it. But currently they are busy researching if any damage has been done to the users of Copay’s platform.
Secure update already released
The company urges its customers not to switch on their Copay wallets if it is versions 5.0.2 – 5.1.0 that they use. BitPay and Copay together have already managed to create and release an improved wallet – the 5.2.0 version, which does not contain any malicious codes and can be used by all customers of both BitPay and Copay. The companies assure that the updated version of the wallet will appear in online stores instantly.
BitPay has warned their clients that since keys on the infected wallets were probably copied, they had better transfer their crypto to the new version of the Copay wallet as soon as possible. The company also noted that users should not import their seed phrases made up of 12 words, since they too can be compromised and serve as a way to restore lost crypto.
The recommended way to transfer their coins from old vaults to the new ones is the Send Max feature, suggests BitPay.
The main suspect
It is believed that the trouble was initiated by a fake developer nicknamed Right9ctrl. He took over maintaining the NodeJS library from the guy who created it but could no longer devote time to work on the library. The latter reportedly took place a quarter of a year ago. Back then, the fake developer got access to the library and infected it with malware.