Edge Wallet developers confirmed a leak of 2,000 private keys after a user reported it. The user said that the attacker stole Bitcoin, leaving other assets in the wallet untouched.
Urgent notice:
We have identified a security vulnerability in Edge which has the potential to have affected a subset of users.
All users should read the blog post linked below and take immediate action:https://t.co/soWkf8U17k
— Edge (@EdgeWallet) February 22, 2023
Following the investigation, the team confirmed the vulnerability — keys were copied in unencrypted form under certain buy/sell options, with logs uploaded to Edge servers simultaneously. The developers stressed that the hacker did not actually gain access to the wallets, but compromised only the private key.
According to the report, the issue affected less than 0.01% of the total keys created on the platform.
“We have received very few reports from those affected, with total losses currently in the five-figure US dollars. On this basis, we believe the incident has a very limited scope and may be a targeted attack on specific users,” Edge Wallet said.
The developers are continuing the investigation and are conducting a thorough examination of devices to determine whether malware could have gained access to unencrypted private keys on disk.
Users were urged to upgrade to Edge 3.3.1.
In December 2022, a leak occurred of API keys belonging to users of the platform for algorithmic trading of digital assets 3Commas.
The incident was examined in detail by HAPI Labs.