BitPay announced today there is a critical encryption flaw affecting the spending password in some BitPay and Copay wallet apps. Though it has already patched the vulnerability itself, it said users must update their private keys to protect their funds.
Subscribe to the Bitsonline YouTube channel for more great videos featuring industry insiders & experts
Upgrade to Version 3.14 or Above
Not every user is at immediate risk but everyone should upgrade anyway, BitPay wrote in an online advisory on January 30th. The issue was due to software that wrote unencrypted private keys to disk before encrypting them, exposing them to risk if certain malware is present.
Both mobile and desktop wallet apps are potentially affected.
— BitPay (@BitPay) January 30, 2018
The issue only affects users who set spending passwords — others are not affected. BitPay also said users who don’t share device access or backups with any outside parties are less at risk. However users who created spending passwords with older versions of the app/s should move funds to new wallets with new keys anyway, just to be certain.
Versions 3.14 of the BitPay and Copay wallet apps ensure private keys are encrypted at the moment they’re created, BitPay said.
Its apps are available for all popular desktop and mobile platforms.
Securing Mobile and Desktop BitPay Wallets
The advisory added that any funds stored in software on a device are inherently more vulnerable to malware attack than those stored offline. While this is common knowledge to experienced bitcoiners, it’s less known to newcomers.
Setting spending passwords and creating multi-signature wallets goes a long way towards securing funds, even on mobile and desktop devices.
BitPay provides a number of software solutions targeting merchants who want to accept cryptocurrency payments. Recently it expanded to support Bitcoin Cash (BCH) as well, for those worried at the impact of high transaction fees on the Bitcoin (BTC) network.
Users can also reduce fee pain by using SegWit-enabled wallets, which the company also now fully supports.
Do you use these wallets? How do you feel about security of bitcoin software in general? Let us know in the comments.
Images via BitPay