Copay Scam

[mike1968]

Copay wallet stole my Bitcoin.

They are saying that they do not have my recovery phrase stored on their servers. However, they also say that I can't recover the wallet with out an internet connection so it must be stored on their servers. Right?

I'm no computer scientist but if I need an internet connection to recover the wallet, with the recovery phrase on a new device, then that tells me the phrase is stored on Copays servers

I think they use this system and have customers write their phrase on a piece of paper knowing that some people will lose it. If there is a earthquake, tornado or another natural disaster, someone cold lose all of their belongings and also their Bitcoin too.

The customer support on Copay.io took me to Github and I opened a ticket only to have non Copay employees insult me. Everyone in the world can read my open and closed tickets so there is no privacy at all.

I am sick about this and disgusted. I have lost all my Bitcoin.

[Fremont]

Copay wallet stole my Bitcoin.

They are saying that they do not have my recovery phrase stored on their servers. However, they also say that I can't recover the wallet with out an internet connection so it must be stored on their servers. Right?

Hi mike1968,

Copay absolutely do not store your recovery phrase (wallet seed) on their servers - if they did, this would mean that they could spend your bitcoins at will. The wallet seed is generated on your device, not on Copay's servers, and Copay never has access to it. The private keys for your bitcoins are stored solely on your device. I have found the ticket you opened on Github and the information provided to you there by others is correct.

You seem to misunderstand how Bitcoin works (which is absolutely fine, you're certainly not alone in that and this is a great place to learn more!) but very basically bitcoins are never stored on your device, or by a company or person unless you send your bitcoins to that company or person at which point the bitcoins no longer belong to you at all. The reason for this is that Bitcoins exist on the Bitcoin blockchain only. The private keys (which allow you to spend and move those bitcoins) are stored on your device, and if you give anybody access to those private keys they can steal your money.

When using Copay the private keys are created on your device (and are also 'hardcoded' - for lack of a more advanced explanation - into your wallet seed during creation). This means that Copay at no point had access to your private keys or your wallet seed, meaning that they are unable to assist you in recovering the private keys that allow you to spend your bitcoins. You are the only one that had access to the wallet seed.

I think they use this system and have customers write their phrase on a piece of paper knowing that some people will lose it. If there is a earthquake, tornado or another natural disaster, someone cold lose all of their belongings and also their Bitcoin too.

The wallet seed system is in use by virtually every single Bitcoin wallet in existence as it provides a way for a user to recover their bitcoins if they lose their device or accidentally delete their wallet. You can also import your Bitcoin addresses into other wallets using your wallet seed. You have to exercise personal responsibility over the security of your funds, and this includes securing them from natural disaster.

The customer support on Copay.io took me to Github and I opened a ticket only to have non Copay employees insult me. Everyone in the world can read my open and closed tickets so there is no privacy at all.

If you read the main features of Copay you'll see the that it mentions "Device-based security: all private keys are stored locally, not in the cloud" - this tells you that your private keys are not revealed to Copay.

I am sick about this and disgusted. I have lost all my Bitcoin.

I'm no computer scientist but if I need an internet connection to recover the wallet, with the recovery phrase on a new device, then that tells me the phrase is stored on Copays servers.

If you give us an idea of how you lost your wallet (not the wallet seed on the piece of paper, but the software you were using) we may be able to offer advice.

Please note for the future, however, that every single individual that uses Bitcoin is responsible for the security of their own bitcoins - the idea behind Bitcoin being that you are your own bank and as such you have complete responsibility for the safety of your funds.

[mike1968]

Thank you fro your reply. You were much more polite than the Copay customer service.

I understand what you are saying about digital wallets. However, Copay said when I download the software on a new device, I need an internet connection to recovery the wallet with my recovery phrase. So wouldn't that mean the recovery phrase is stored somewhere on the internet? That is the part I don't understand at all.

And I find it odd how rude they are and how fast they close my tickets and how the senior staff I attempted to contact will not reply to my messages.

[Fremont]

Thank you fro your reply. You were much more polite than the Copay customer service.

Hi Mike,

You're very welcome; I understand how daunting Bitcoin can seem at first and completely understand the confusion as I was new to Bitcoin once too!

I understand what you are saying about digital wallets. However, Copay said when I download the software on a new device, I need an internet connection to recovery the wallet with my recovery phrase. So wouldn't that mean the recovery phrase is stored somewhere on the internet? That is the part I don't understand at all.

I don't use Copay myself but have just downloaded and installed it to my Android device to check out the internet connection issue for you and can confirm that it is not possible to create a wallet in the Copay app without an internet connection. The main reason that I can see for Copay requiring an internet connection is because its service requires your Copay wallet on your device to interact with the Bitcore Wallet Service on Copay's end. I don't know enough about Copay and how their wallet works to give you in-depth information about why this might be so (other than knowing that their wallet requires connecting to the Wallet Service to function), or what services they run on their end that requires communication between them and your device, but I can say definitively that it has absolutely nothing to do with your recovery phrase.

The wallet seed / recovery phrase generated in Copay's app is never sent to the internet (or Copay) unless you made a digital copy of it and put it there yourself - just to make sure you're aware, this is something that you should never do as it would allow anyone who finds it to take your bitcoins.

And I find it odd how rude they are and how fast they close my tickets and how the senior staff I attempted to contact will not reply to my messages.

Copay is open-source software and the code is available for anyone to inspect who might have the wherewithal to do so. I think this is perhaps the reason you received some less than helpful responses on their GitHub page, as it is generally more technically advanced users that would be commenting over there.

You might find the following reviews on Copay's wallet informative:
http://bitreview.com/wallet/copay
https://steemit.com/bitcoin/@jackmanman ... let-review
http://ecurrencyreview.com/2016/08/31/c ... et-review/

If you're using an Android device I would recommend Mycelium as your phone's Bitcoin wallet. As with any wallet - and unfortunately as you're now painfully aware - please be sure to secure your wallet seed as you will absolutely need this if you ever need to recover your wallet.

If protection of your bitcoins from natural disasters is a concern, you can purchase an item such as CryptoSteel and keep a record of your wallet seed / recovery phrase on that. Unsurprisingly it is a very popular product and is usually on backorder so you may need to wait a while for it to be manufactured and sent. In the meantime I would suggest making a number of copies of your wallet seed / recovery phrase, laminating them, and storing them securely both in your home and off-site if possible where they will not be seen or found by others.

Fremont

[mjglqw]

Definitely not a scam. Copay is affiliated with Bitpay, which is a very popularly used payment gateway.

I've been using Copay for years myself, on mobile.

[mike1968]

How does anyone know if it's not a scam for sure. Only the people at the very top would know and possibly not even senior staff.
Remember the Manhattan Project? The only ones who knew about it were the people at the very top.

The two co owners could very well be taking Bitcoins from wallets that can't be recovered by the client. They have to have the recovery phrase stored somewhere on the internet since I need an internet connection to use the recovery phrase. There are other people who posted on Github trying to get help recovering their wallet with no help at all. So all the employees think the recovery phrase is not stored on Copay servers but obviously it is. I can only think of one reason why the co owners would not want to give us the recovery phrase if we lost it.

I really think there is something strange going on because it doesn't add up. Copay users who lose their phrase for whatever unfortunate reason, all lose their Bitcoin to the selfish liars who own Bitpay/Copay.

[CryptKeeper]

No scam.

The Copay wallet is open source and reviewed and forked several times. There is no evidence that private keys are leaked. False accusations are not helpful in a world where real scams are plenty.

[mike1968]

Its not a scam unless you lose your recovery phrase. I shouldn't need an internet connection to recover my wallet if the phrase is stored on my device. And we should be able to choose our own recovery phrase instead of Bitpay/Copay choosing it for us. It would be easy to remember that way.

Bitpay/Copay.io lied to me and said my phrase is stored on my device. They changed that to it I stored on the wallet. That changed to it being stored on Blockchain and now the last response from them i sits restored on my device. They are contradicting themselves and have no answer for my questions.
If the phrase is stored on my device, how can I recover the wallet on a new device when the first one breaks? Why do I need an internet connection to recover it if its on my device or on the software on the device? If its stored on Blockchain there is a tracking record of it stored on the server and a administrator can recover it. Bitpay also chooses the words that you are allowed to use which are all stored in their data base. Maybe the NSA can recover it for me, I'm sure they have it stored on their data base somewhere like they have everything else that is ever done on the internet.

[mjglqw]

Its not a scam unless you lose your recovery phrase. I shouldn't need an internet connection to recover my wallet if the phrase is stored on my device. And we should be able to choose our own recovery phrase instead of Bitpay/Copay choosing it for us. It would be easy to remember that way.

Bitpay/Copay.io lied to me and said my phrase is stored on my device. They changed that to it I stored on the wallet. That changed to it being stored on Blockchain and now the last response from them i sits restored on my device. They are contradicting themselves and have no answer for my questions.
If the phrase is stored on my device, how can I recover the wallet on a new device when the first one breaks? Why do I need an internet connection to recover it if its on my device or on the software on the device? If its stored on Blockchain there is a tracking record of it stored on the server and a administrator can recover it. Bitpay also chooses the words that you are allowed to use which are all stored in their data base. Maybe the NSA can recover it for me, I'm sure they have it stored on their data base somewhere like they have everything else that is ever done on the internet.

Like the other guy above you said, the code has been reviewed many many MANY times on github. If they were scammers they would be called out since the first week. Especially bitpay, since it has something to do with ecommerce and is one of the most trusted bitcoin payment gateways as of today. Not to mention it is one of Roger Ver's investments.

Maybe the NSA can recover it for me, I'm sure they have it stored on their data base somewhere like they have everything else that is ever done on the internet

goodluck with that.

[Fremont]

How does anyone know if it's not a scam for sure. Only the people at the very top would know and possibly not even senior staff.
Remember the Manhattan Project? The only ones who knew about it were the people at the very top.

Hi Mike, as previously mentioned Copay is open source. This means that the code is available for review by anyone and everyone. If it were a scam, this would have been discovered by any person reviewing the code.

The two co owners could very well be taking Bitcoins from wallets that can't be recovered by the client. They have to have the recovery phrase stored somewhere on the internet since I need an internet connection to use the recovery phrase.

This is literally impossible, and I have explained this to you already. One of the reasons you may be receiving hostile responses from others is because you refuse to listen to those who know what they are talking about and continue to push your own point of view of what is happening. If I knew nothing about performing heart surgery and a heart surgeon explained to me how an operation works, disagreeing with his knowledge and pushing my own uneducated point of view about how an operation works would be absurd. That is not at all dissimilar to what is occurring here when you continue to ignore the advice and knowledge being put forth by those who have the necessary experience to know what they are talking about.

There are other people who posted on Github trying to get help recovering their wallet with no help at all. So all the employees think the recovery phrase is not stored on Copay servers but obviously it is. I can only think of one reason why the co owners would not want to give us the recovery phrase if we lost it.

The reason people do not get any help on Github with recovering their wallet is because it is impossible for others to recover your wallet seed. The recovery seed is NOT stored on Copay's servers. You keep stating that, and it is not possible. Stop stating it.

I really think there is something strange going on because it doesn't add up. Copay users who lose their phrase for whatever unfortunate reason, all lose their Bitcoin to the selfish liars who own Bitpay/Copay.

It all adds up perfectly well. Copay users have a responsibility to safeguard their wallet seed / recovery phrase. Users who fail to do so lose access to their bitcoins. NOBODY but the users themselves have access to the wallet seed / recovery phrase. You are trying to blame others for your own lack of personal responsibility.

Its not a scam unless you lose your recovery phrase. I shouldn't need an internet connection to recover my wallet if the phrase is stored on my device. And we should be able to choose our own recovery phrase instead of Bitpay/Copay choosing it for us. It would be easy to remember that way.

You don't understand how wallet seeds work, so constantly spouting the same thing you have been spouting is ridiculous. You cannot choose your own wallet seed / recovery phrase because, as I mentioned in a previous response to you, your Bitcoin addresses are 'hardcoded' into that wallet seed and the last word in the seed acts as a checksum. Stop putting the responsibility on Copay - the way their wallet is designed all of the responsibility lies solely on you.

Bitpay/Copay.io lied to me and said my phrase is stored on my device. They changed that to it I stored on the wallet. That changed to it being stored on Blockchain and now the last response from them i sits restored on my device. They are contradicting themselves and have no answer for my questions.

Your Github threads:
https://github.com/bitpay/copay/issues? ... mike1968mi

It's important to note that very few of the people replying to you were Copay employees. They are simply collaborators and members of the repo on Github and this was explained to you on Github. So no, Copay did NOT lie to you. Mike, you're not taking any of the knowledge that we are imparting here. You keep on spouting off about things you are not knowledgeable on, and refuse to accept the advice and knowledge of those who know what they are talking about. You cannot recover your funds without the seed that is stored on your device. It is ONLY stored on your device, and nowhere else. You're wasting your own time and everyone else's by continuing to deny that absolute fact.

If the phrase is stored on my device, how can I recover the wallet on a new device when the first one breaks? Why do I need an internet connection to recover it if its on my device or on the software on the device?

You can recover the wallet on a new device by writing the wallet seed / recovery phrase down, and keeping it secure. Just like every other person that uses the majority of Bitcoin wallets available today. With Copay's wallet you need an internet connection to restore your wallet, however you can also import your wallet (with your bitcoins) into another Bitcoin wallet such as Mycelium without requiring an internet connection. You WILL need an internet connection to send and receive bitcoins (and for the wallet to know how much funds you have), but you will NOT need an internet connection simply to restore your wallet.

If its stored on Blockchain there is a tracking record of it stored on the server and a administrator can recover it. Bitpay also chooses the words that you are allowed to use which are all stored in their data base. Maybe the NSA can recover it for me, I'm sure they have it stored on their data base somewhere like they have everything else that is ever done on the internet.

As I mentioned to you previously, the bitcoins are not stored on your device. They are stored on the Bitcoin blockchain. What is stored on your device are the private keys to those bitcoins which allows you to move those bitcoins to other addresses on the Bitcoin blockchain. In order for your wallet to send the command to move those bitcoins it needs an internet connection. You have not read anything about what the Bitcoin blockchain is - there is no 'administrator' of the blockchain. It is entirely decentralised and no entity controls it.

Mike, very simply put you are trying to tell people who know volumes about how Bitcoin works that they are wrong and that the knowledge they are imparting is incorrect. You're essentially stating that your idea of how things work is correct and everybody else is wrong.

You CANNOT recover your bitcoins without your wallet seed / recovery phrase. Your wallet seed / recovery phrase is NOT stored anywhere other than your device. It is ENTIRELY up to you to secure your wallet seed / recovery phrase - it is YOUR responsibility, nobody else's. You CAN import your wallet into another Bitcoin wallet such as Mycelium, but to do so you NEED your wallet seed / recovery phrase. Again, you are the only one with any knowledge of the wallet seed / recovery phrase. If you do not possess it then you have lost your bitcoins through your own irresponsibility.

Fremont

[CryptKeeper]

And we should be able to choose our own recovery phrase instead of Bitpay/Copay choosing it for us. It would be easy to remember that way.

That's a really dumb idea. Humans are not good at creating random phrases, they tend to use some phrase from a book they know or something like that. Easy prey for internet bots: everything you come up with is already written on a website. There are crypto currency wallets which allow you to choose your own seed phrase and lots of stories exist how people got hacked. Only computers can create "real" (ok, sort of) random phrases which are safe and can't be hacked. This is best practice for Bitcoin wallets for years.

[Decoded]

I haven't done too much research into copay, but i'm pretty sure they run a multi signature service. They have one key, and you have two. That's usually how it works.

You need two to recover the Bitcoin wallet. So if you lose your primary key (password), the recovery key can still be used to access your account. The reason you need an internet connection is that copay has to send you their key for you to unlock the wallet, and actually decrypt your wallet. That's a watered down explanation of multisig.

In this situation, copay usually wouldn't have access to any of your keys, at most maybe one of yours (Probably not, because this is very risky, trusting them not to take your Bitcoin).

Hence they have no access to your recovery key. It's up to you to store it securely.

[mike1968]

I'm glad that you posted that link because everyone can see now the contradictions from the responses Corey Glaze, the Sr. Sales Manager at Copay.io has also contradicted himself.

From LinkedIn:



-



-

[mjglqw]

I'm glad that you posted that link because everyone can see now the contradictions from the responses Corey Glaze, the Sr. Sales Manager at Copay.io has also contradicted himself.

image links are broken.

[mike1968]

No response???

[Fremont]

No response???

Hi Mike,

I'm not sure what response you're looking for. If you're looking for me to comment on what a Copay employee said I have no business doing so. Bitcoin is a decentralised cryptocurrency, and Bitcoin.com is just a company operating within the Bitcoin sphere - we do not own nor control 'Bitcoin' in any way, shape or form, and thus we have no control over any other company operating within the industry.

If you're looking for help on recovering your funds, every time I and others have responded to you with the facts of the matter you reply with your own idea of what's occurring. You blatantly refuse to accept my advice and the advice of others who are telling you that you are solely responsible for securing your wallet seed (and thus your bitcoins) so there is no point in me wasting my time explaining the same things to you again and again when you're just going to come back and say "No! You're wrong! My wallet seed is stored on Copay's servers! They won't give it to me, they're stealing my bitcoins!"

If you were willing to accept the facts of the situation and take the advice of those who know what they're talking about you might find people to be a little more hospitable.

Fremont