It is reported that Copay versions 5.0.2 through 5.1.0 were affected by the backdoor. Any users using Copay versions 5.0.2 to 5.1.0 are advised NOT to run or open the app. Users with affected versions of Copay SHOULD first update the affected wallets to the security updated version of Copay (v5.2.0) before moving funds to a more secured cold wallet or to the Copay v5.2.0 wallet. It is advised to transfer all funds using the Send Max feature.
Should the user choose to move their funds to Copay v5.2.0, they should set open a brand new wallet on Copay v5.2.0 and SHOULD NOT attempt to move funds to new wallets by restoring the affected wallets’ twelve word backup phrases.
Users of other crypto-related applications should also notify and confirm with developers to ensure that the application is not affected by the malicious version of event-stream. For developers, it is recommended to update event-stream dependency to event-stream version 3.3.4 to protect users with cached versions of event-stream.