Based on some of the reports in #9346 "
`event-stream` dependency attack steals wallets from users of copay", some packages have been modified to load malicious code that can capture users' private keys.
Therefore, anyone who uses the previous versions "from 5.0.2 to 5.1.0" of these wallets should not open or run any of them, nor should be recovered using 12-backup phrases of those wallets.
Our team is continuing to investigate this issue and the extent of the vulnerability. In the meantime,
if you are using any Copay version from 5.0.2 to 5.1.0, you should not run or open the app. A security update version (5.2.0) has been released and will be available for all Copay and BitPay wallet users in the app stores momentarily.
Users should assume that private keys on affected wallets may have been compromised, so they should move funds to new wallets (v5.2.0) immediately.
Users should not attempt to move funds to new wallets by importing affected wallets' twelve word backup phrases (which correspond to potentially compromised private keys). Users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.