Key Takeaways:
- Over 2,000 crypto private keys have been stolen due to a security flaw at Edge Wallet.
- Around 2000 private keys were exposed by the vulnerability by being sent to Edge infrastructure because keys were visible on the Edge logs server.
Edge senior staff received notification of a private keys security issue on February 20, 2023, involving a user who had encountered an unauthorised transaction that had completely depleted their Bitcoin wallet.
On February 22, the team detailed the security incident in a blog entry and claimed to have found the vulnerability. A hotfix that fixes the problem has already been made available by the team.
It was concluded that the user’s account was not accessed by an attacker, and that only the private key of their Bitcoin wallet was breached because Edge employs unique master private keys for each wallet.
The individual claimed that the transaction resulted in the theft of their entire Bitcoin balance. The wallets’ other assets, however, were unaffected.
Approximately 2000 private keys have been compromised by this flaw by being sent to Edge infrastructure, according to the visibility of keys on the Edge logs server. This represents less than 0.01% of all keys generated on the Edge platform, on average.
A quick review of several dozen private keys reveals that many of them still have money in them. Through this, Edge was able to reassure that their system had not been widely compromised, which would have exposed the overwhelming majority of funds associated with such keys.
Edge added that they had only received a small number of reports of users missing money totaling under $5 million USD, suggesting that the incident may have been a deliberate attempt to target the users.
The group identified a few activities that might have resulted in a private key risk. The first was the encrypted private key for the wallet would have been stored on the device’s disc if a user chose particular options under the purchase and sell tabs.
Edge urges all users to update to the most current version of Edge (v3.3.1), which is available for direct download on their website, the Google Play Store, and the Apple App Store in response to this incident. This update removes all previous disc records and resolves all exploitable flaws affecting private wallet keys.
In the cryptocurrency world, wallet breaches have been around for a while. As financial institutions and organisations around the world look for innovative ways to improve their operations, such as through blockchain and cryptocurrency, several banking behemoths have recruited the help of money transfer service cells to set up a digital wallet.
Last month it was revealed that banks in America are working together to provide a digital wallet that is connected to clients’ debit and credit cards in an effort to take on Apple and PayPal.
