Coinspect has reported the existence of a bug in the Copay multi-signature Bitcoin wallet produced by BitPay. In affected versions of Copay the vulnerability allowed the compromise of one party to empty the shared wallet by submitting a transaction type which would exploit the protocol used by Copay wallets to automatically sign transactions. Coinspect alleges that after reporting the flaw to BitPay on July 20th the flaw was fixed in Copay version 0.4.1 for this particular exploit scenario. Given the nature of this exploit Qntra advises users considering Copay or any multisignature scheme which involves any protocol for automatically engaging additional signers to use extreme caution recommending potential users default to avoiding the shitware involved entirely on first principles. If you trust keys to software that could automatically sign a transaction it could be tricked just as readily into signing a confession.