The attacker took possession of the private keys of users of the Edge wallet

Crypto Wallet Edge faced with a security incident in which an attacker stole 2,000 private keys.

“Edge staff has been made aware of a security incident in which a user made an unauthorized transaction that resulted in the deletion of the entire amount of his bitcoin wallet. All other funds in their Edge account remained intact,” the company said in a statement.

Since Edge uses separate master private keys for each wallet, the project team was able to determine that the attacker was not logged into the user account, but only compromised the private key of the bitcoin wallet.

Further investigation also revealed that the Edge application contained a vulnerability that leaked private keys during certain actions.

This primarily occurs when the user enters one of the options available in the Buy or Sell tabs on the bottom navigation bar, and also when using Edge’s Download Logs feature.

Based on the visibility of the keys in the Edge log server, this vulnerability compromised approximately 2,000 private keys by sending them to the Edge infrastructure, according to the team. This represents less than 0.01% of the total number of keys generated on the Edge platform.

“A random check of several dozen private keys shows that many still have funds left. This ensures that there has not been a large-scale compromise of the Edge infrastructure that would have compromised the vast majority of funds on such keys, ”the statement says.

Since a small number of users have reported key leaks, and the total wallet balance is in the five-digit dollar range, the Edge team believes the incident is very limited in scope and could be a targeted attack.

“We are continuing our investigation, including deep forensics on the device to determine if malware could have accessed the unencrypted private keys on the drive,” the statement said.

The Edge hack came a few months after another major hack, when the BitKeep crypto wallet was attacked. BitKeep conducted a preliminary investigation and found that the attackers had taken control of some APK packages and embedded malicious code. In total, hackers stole $8 million.

Stay in touch! Subscribe to at Telegram.

Comments (No)

Leave a Reply