AnChain’s Analysis: BitPay’s Open Source Copay Wallet Discovers Security Vulnerabilities

The malicious code has since been fixed.

This attack is similar to the Stuxnet virus that was specifically designed for the Iranian nuclear power plant in 2010. Stuxnet triggered a specific Siemens PLC control chip, which led to serious consequences including nuclear power plant explosions.

BitPay officially stated that users using Copay wallet versions 5.0.2 to 5.1.0 were affected by the back door. Users using these versions should assume that their private key have been compromised and need to upgrade to version 5.2.0 as soon as possible.

The malicious code was buried internally since October!

Former FireEye senior engineer and architect, Dr. Richard Lai, commented:

This is an issue with open source. The person who maintains a library has to be trustworthy.

This is a real case of code security in the three eternal themes of the’s philosophy. As the code base becomes more complex and more substantial in quantity, the open source community needs to take more serious measures of securing and storing its repositories.

The AnChain.AI team has been fighting on the front line of blockchain security. In August, the Ethereum BAPT-FOMO3D hacker army was exposed. In November, the world’s top 5 EOS DApp design security architecture was re-safely launched after continuously monitoring their transactions. We aim to continue to focus on comprehensive security, as detailed by our three eternal themes of blockchain security: transaction, code, and infrastructure.

About AnChain.AI

A blockchain data analytics firm providing intelligence, indicators, and investigative resources for clients to enhance their security, risk, and compliance strategies.

Feel free to reach out to us directly at:

With extensive experience in cybersecurity, artificial intelligence, cloud computing, and big data AnChain is continuously securing top-tier crypto exchanges, protocols, investors, custodians, and enterprise with our Blockchain Ecosystem Intelligence.

Blockchain data analytics firm providing security, risk, and compliance solutions.

Blockchain data analytics firm providing security, risk, and compliance solutions.