So far, there has been a confirmation from Bitpay that the malicious code was released on its Copay and Bitpay apps from version 5.0.2 to 5.1.0. the company has however tried to reassure users, stating that the Bitpay app was not vulnerable to the malicious code. The newly developed security update (version 5.2.0) will be made available for users in the app store. Meanwhile, the team is still investigating to know whether or not the malicious code was ever actually used against people.
The Bitpay team has issued a warning to anyone using a Copay app from version 5.0.2 to 5.1.0, not to open it again. Users are required to first update their affected wallets and then send all funds from affected wallets to the new version 5.2.0 wallets. Users are not to transfer funds to new wallets by importing affected backup phrases, they should assume that the corresponding private keys may have been compromised.
Bitcoi.com wallet users have not been affected by this issue in any way, hence they are to do nothing. “Our wallet doesn’t use the compromised ‘package,’ so we’re completely out of trouble for this one,” explains the Bitcoin.com wallet development team. “We’re operating as normal, we have never used that package and will never use it.”