Edge, a California-based cryptocurrency wallet, discovered an application vulnerability that resulted in the loss of 2,000 private keys. Although the amount lost was less than five-digit dollars, the vulnerability easily exposed users to risks. Edge has provided the latest version and urges users to update as soon as possible.
The APP will leak the private key in two steps
On February 20, Edge learned of the loss of user funds. After investigation, it was found that the user's account was not logged in by hackers, but the private key of the user's Bitcoin wallet was directly leaked.
Edge says this is due to a vulnerability in the Edge App that leaks private keys in just two steps:
Using the buy or sell options within the app will cause the unencrypted private key to be stored in the device's log
If you use Edge's log upload function, the logs will be uploaded to the Edge server. If the log is uploaded just after the buying or selling action occurs, the private key will be included.
According to Edge, this is equivalent to the leakage of user data stored on Edge servers; Edge also stated that this type of vulnerability does not meet the standards expected by users and will work hard to improve it.
This article, California wallet provider Edge vulnerability caused 2,000 private keys to be lost, first appeared on Chain News ABMedia.