Bitpay has recommended its users to remove their savings from their Copay wallets after a successful hacking attempt, stealing away private keys from the customers. These private keys are essential for the customer because they allow access to wallet owner’s cryptocurrency.
It was revealed that the hackers placed the code in a library that the server was using. It has been found that the hackers have been using a server in Malaysia and were sending the private keys to this server.
Although all the customers have been alerted it has only affected the customers using the android and ios versions 5.0.2 to 5.1.0
A team from a US-based company is continuously reviewing the effect and the extent of vulnerability of the code. They also recommend to not use the apps versions 5.0.2 to 5.1.0.
The open source library code was made by a software engineer Dominic Tarr. After this issue was detected in the code Dominic was subjected to harassment on social media.
Tarr explained that this was not the only case that has been reported to affect users. Several other companies have also been vulnerable to similar attacks.
Tar tweeted to further justify his stance on the issue and looked on the more bright side saying that he was grateful it has raised awareness about the viability of the open source.
Bitpay has now officially informed the users to update onto 5.2.0 version first and then transfer all funds to a new wallet using the latest version.
Bitpay has introduced a new option to either create a new wallet with the 5.2.0 version or send funds to a different wallet.
Bitpay has also advised users not to transact using compromised versions. BitPay’s investigation in the matter is still underway.