BitPay and Copay Apps Hit by Code That Steals Private Keys


Developers at BitPay and Copay received a GitHub issue report earlier this week about a third-party NodeJS package that had been modified to steal private keys. The modified code allowed hackers to access and capture private keys from people using the app. It has been detected in versions 5.0.2 all the way through to 5.1.0 of the BitPay and Copay apps.
The company is urging all clients using one of these versions to upgrade to the newest version of the app, 5.2.0, create a new wallet with it, and then transfer all funds from their existing wallets into the new wallet using the Send Max feature. Upgrading alone is not enough, because private keys from wallets used with an affected version may already have been captured.

Bad News for Mass Adoption

Many users of the BitPay and Copay systems are businesses that don’t really have technical knowledge. BitPay has been peddled as a quick and easy system to integrate with POS systems, allowing businesses to accept cryptos. The news of having to upgrade and shift money to a new wallet could scare off a number of companies, especially those with low technical knowledge. This in turn could mean that a number of firms that once accepted crypto through the two apps reverse their crypto support. This could be very bad for the overall mass adoption of cryptos and the price of Bitcoin.

BitLicense on the Line

The news that this rogue script was present across so many versions without anyone noticing sooner could possibly result in the revocation of BitPay’s BitLicense. BitPay was awarded a BitLicense by the New York State Department of Financial Services (NYSDFS), meaning it can interact and deal with customers from the state of New York. However, the news that its app has been unsafe for so long could force the NYSDFS to reverse its decision and revoke BitPay’s license for the state. This could spell disaster for the firm and bring about a wave of negative PR that spans much of the US.

Not BitPay’s First Brush with Bugs

Unfortunately, this isn’t BitPay’s first brush with bugs and customer dissatisfaction. Back in April, it revealed that the Coinbitclip trojan had worked its way into the code and affected a number of Bitcoin transactions that had been processed by the company. Users with a Windows installation of the app were affected and it caused major chaos. The firm quickly resolved the issue and refunded customers who lost money due to the virus. But, from a PR perspective the damage had already been done.
BitPay has been quick to rectify the malicious code in its app whenever it’s been detected. Unfortunately, because it took so long to discover, there is no knowing how many users have been affected by this code. The best thing to do is upgrade to the new version of the app, create a new wallet, and then transfer your funds. Stay safe: the crypto world can be dangerous at times, something that BitPay’s recent performance proves.