Copay wallet compromised with private key stealing malware

Copay, the multi-signature wallet from Bitcoin, bills itself as a “safe and shared Bitcoin wallet”, but it seemingly has not been safe for the last few months. On Monday, BitPay notified its users of a malware attack on its publicly available wallet and said that the malware might have gained access to users' private keys.

According to the blockchain payment company, users should assume that the private keys on wallets containing the malware are not secure. Users of versions 5.0.2 through 5.1.0 of the Copay and BitPay applications are considered the main victims, and they should move all of their funds to version 5.2.0 of the application.

The problem was caused by infected code inserted into event-stream, a Node.js module. The code was inserted by a new user who had been granted access to the JavaScript library by the original founder three months ago. Dominic Tarr, the previous maintainer of the JavaScript library, said that he handed it over to the new user, who was willing to maintain the module.

The new maintainer went on to release a new version of the module, Event-Stream 3.3.6, which includes a flat-map library containing the infected code. On GitHub, Ayrton said that the new manager added the Event-Stream, which is not an improvement to the core code.
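For readers checking their own Node.js projects for the dependency chain described above, here is a lockfile audit added as an example for this article (it is not BitPay's or the event-stream project's code). It assumes the "flat-map library" is the npm package `flatmap-stream` and flags every version of it; the sample lockfile is constructed.

```javascript
// Added example: audit a parsed package-lock.json for the compromised dependency chain.
// Assumption: the "flat-map library" is published on npm as "flatmap-stream".
const FLAGGED = [
  { name: "event-stream", version: "3.3.6" }, // release named in the article
  { name: "flatmap-stream", version: null },  // null = flag every version
];

function isFlagged(name, version) {
  return FLAGGED.some(f => f.name === name && (f.version === null || f.version === version));
}

// Returns [{ name, version, path }] for every flagged install found in the lockfile.
function auditLock(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project itself
    const name = path.slice(idx + "node_modules/".length);
    if (isFlagged(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  if (!lock.packages) {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = [...trail, name].join(" > ");
        if (isFlagged(name, meta.version)) hits.push({ name, version: meta.version, path });
        walk(meta.dependencies, [...trail, name]); // transitive installs
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (not taken from Copay): event-stream pulled in transitively.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "ps-tree": { version: "1.1.0", dependencies: {
      "event-stream": { version: "3.3.6", dependencies: {
        "flatmap-stream": { version: "0.0.0-sample" } } } } },
    "through": { version: "2.3.8" },
  },
};

for (const h of auditLock(sampleLock)) {
  console.log(`FLAGGED ${h.name}@${h.version} via ${h.path}`);
}
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditLock` in place of `sampleLock`.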

The malicious code executes only when it runs inside the Copay source code, where it can steal a wallet's user information, such as private keys. This information is then sent to the Copay API host URL on port 8080. Nicolas Noble, a user of the application, says that having the malicious code and Copay-dash in your application results in the theft of the Bitcoins in it.

BitPay said that this application was not exposed to any infected code, and the company is still investigating whether any user was affected by the code. BitPay told its users not to move funds to new wallets, because doing so would carry the infection into those wallets. It directed its users to update the affected wallet version ( and then start using new wallets on version 5.2.0, transferring all of their funds with the Send Max feature.