The popular cryptocurrency wallet from BitPay has been compromised, meaning those who store their assets in ‘Copay’ might now be at risk.

The firm has warned users of Copay that its open-source wallet has been infected with malware which is designed to steal private keys from people who use the wallet. This means that anyone who is running infected versions of the app “should assume that private keys on affected wallets may have been compromised.”

BitPay has said that the malware code was integrated with versions 5.0.2 and 5.1.0 but it is still unclear as to how widely the flaw has spread throughout the wallet’s system. It’s worth noting that Copay has boasted in the past that they have over 100,000 installs on Android. The developer has said that its BitPay wallets weren’t affected by the infection.

The company stated:

“We are still investigating whether this code vulnerability was ever exploited against Copay users. Our team is continuing to investigate this issue and the extent of the vulnerability.”

Statement on NPM Package Vulnerability in v5.0.2-5.1.0 of Copay Wallets | The BitPay Blog

https://t.co/rrRPnJnq0M — BitPay (@BitPay) November 26, 2018

From what the firm can see, the attackers looked like they quietly implemented the vulnerability in through a popular JavaScript library also known as EventStream.

In the meantime, BitPay has released a new version of Copay. The company advises users to update the app and move their crypto into a new wallet.

“Users should not attempt to move funds to new wallets by importing affected wallets’ [12]-word backup phrases (which correspond to potentially compromised private keys). Users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.”

What are your thoughts? Let us know down below!