BitPay has advised the customers using the older version of the app, to assume that a hacker had stolen the private keys. These keys are applicable to access their cryptocurrency.
The attackers might have infected the code library, that the service used a several weeks ago. It usually affects the Bitcoin customers using the android and ios versions 5.0.2 to 5.1.0. Hence these customers advised to update their version and move Bitcoin to a new wallet.
One of the spokesperson of the US-based payments company said that their team is continuously investigating the issue and the extent of vulnerability. Also warns, do not run or open the apps having versions 5.0.2 to 5.1.0. He further says that a new security version is now available for all the CoPay and BitPay wallet users.
Statement on NPM Package Vulnerability in v5.0.2-5.1.0 of Copay Wallets | The BitPay Blog
— BitPay (@BitPay) November 26, 2018
The hacker, who has been sending keys to a server in Malaysia, is now able to compromise BitPay. This is possible by infecting an open-source code library, the app was dependent on.
The software engineer, Dominic Tarr, created the code. But harassed on social media. After its origination that the hackers were able to deploy the malware, after it was accessible.
Here is my statement on the event-stream issue: https://t.co/OmvlVuECHL
Thanks to everyone who sent me friendly emoji 😉 I'm okay. But this is really a much bigger issue (the viability of open source). I'm glad that this incidence is raising awareness!
— Dominic Tarr (@dominictarr) November 26, 2018
He wrote in a statement that
Of course, If I had realized they had a malicious intent I wouldn’t have, but at the time it looked like someone who was actually trying to help me.
Tarr further elaborated that this was not just one thing, but it several other companies were also vulnerable to similar attacks.
Share your thoughts on the advise given to the Bitcoin Holders in our comment section.