Bitcoin Wallet Vulnerability DiscoveredA module called event-stream, used in millions of web applications but notably in BitPay’s open-source Bitcoin wallet Copay has reportedly been compromised, potentially leaving some other wallets vulnerable as well.
BitPay published an advisory saying Copay versions 5.0.2 through 5.1.0 were affected by the malicious code and that users with these versions installed should avoid running or opening the app until they install Copay version 5.2.0.
“Our team is continuing to investigate this issue and the extent of the vulnerability,” the official announcement reads. “Currently, we have only confirmed that the malicious code was deployed on versions 5.0.2 through 5.1.0 of our Copay and BitPay apps. However, the BitPay app was not vulnerable to the malicious code. We are still investigating whether this code vulnerability was ever exploited against Copay users.”