Crypto payment processor BitPay issued advice on its official blog yesterday, Nov. 26, for users of its open-source Bitcoin (BTC) wallet Copay, which has reportedly been compromised by malicious code.
The vulnerability pertains to a third-party Node.js module, also known as an “event stream,” which is used in versions 5.0.2 through 5.1.0 of BitPay’s Copay and BitPay apps. According to a GitHub issue report, this module was modified to load malware that is capable of stealing users’ private keys.