Edge Wallet developers have confirmed the leak of 2,000 private keys after one of the users contacted. He reported that the attacker stole bitcoins, leaving other assets in the wallet intact.
Urgent notice:
We have identified a security vulnerability in Edge which has the potential to have affected a subset of users.
All users should read the blog post linked below and take immediate action:https://t.co/soWkf8U17k
— Edge (@EdgeWallet) February 22, 2023
After an investigation, the team confirmed the presence of a vulnerability – copying keys in plaintext with some buy / sell options while simultaneously uploading logs to Edge servers. The developers emphasized that the hacker did not really gain access to the wallets, but only compromised the private key.
According to the report, the problem affected less than 0.01% of the total number of keys generated on the platform.
“We have received very few reports from victims, whose cumulative loss is currently in the five figures in US dollars. Based on this, we believe that the incident is of a very limited scale and may be a targeted attack on specific users,” Edge Wallet noted.
The developers are continuing to investigate and conduct deep forensics on the devices to determine if malware could have accessed the unencrypted private keys on the drive.
Users were urged to upgrade to the new version of Edge 3.3.1.
Recall that in December 2022, the API keys of users of the 3Commas algorithmic trading platform for digital assets were leaked.
The incident was analyzed in detail by HAPI Labs specialists.
Found a mistake in the text? Select it and press CTRL+ENTER
bitcoinlinux Newsletters: Keep your finger on the pulse of the bitcoin industry!
