Genesis Block
Home » Copay Wallets affected by Malware

Copay Wallets affected by Malware

Event-stream, a module on the Node.js JavaScript run-time environment was reportedly compromised with malware. The malware is designed to steal from hot wallets with balances over 100 BTC or 1000 BCH and transfer their balances to a server located in Kuala Lumpur. The code library was downloaded over 2 million times and used by various web applications, including BitPay’s open-source bitcoin wallet Copay.


It is reported that Copay versions 5.0.2 through 5.1.0 were affected by the backdoor. Any users using Copay versions 5.0.2 to 5.1.0 are advised NOT to run or open the app. Users with affected versions of Copay SHOULD first update the affected wallets to the security updated version of Copay (v5.2.0) before moving funds to a more secured cold wallet or to the Copay v5.2.0 wallet. It is advised to transfer all funds using the Send Max feature.


Should the user choose to move their funds to Copay v5.2.0, they should set open a brand new wallet on Copay v5.2.0 and SHOULD NOT attempt to move funds to new wallets by restoring the affected wallets’ twelve word backup phrases.


Users of other crypto-related applications should also notify and confirm with developers to ensure that the application is not affected by the malicious version of event-stream. For developers, it is recommended to update event-stream dependency to event-stream version 3.3.4 to protect users with cached versions of event-stream.