2000 private crypto keys stolen
The Edge wallet was exposed to a security incident that led to 2,000 private keys being exploited. The vulnerability has since been patched.
Crypto wallet Edge has suffered a security incident, which resulted in the attacker stealing 2,000 private keys. The team published a post on February 22 detailing the security incident, stating that they had identified the vulnerability. The team has already released an update that addresses the issue.
The attack took place on February 20, and the team was alerted by a user who experienced an unauthorized transaction that resulted in them losing all their Bitcoins. The attacker only stole Bitcoin, while other assets remained untouched.
The takeaway from this is that the attacker only had access to the individual master private key for the Bitcoin wallet. As such, the user’s account was not logged in, but only the Bitcoin wallet’s private key was compromised.
Further investigation led the team to discover that a few actions could lead to a private key vulnerability. The first was that if a user selected a handful of options under the buy and sell tabs, it would result in logging the encrypted private key of the selected wallet to the device’s disk.
The second was that if they used the upload log feature, it would send the logs to Edge servers. This will include the private key if the aforementioned buy and sell options were selected.
The total number of affected users is 0.01% of all keys created via Edge. The total amount stolen is approximately “low 5 figures in USD”.
What is Edge Wallet?
Edge Wallet is a non-custodial wallet that operates on a decentralized server architecture. It has a strong focus on privacy and security, and uses zero-knowledge proof in its design.
The project has seen some controversy, particularly for its “confidential Mastercard.” The project announced that Mastercard would offer high privacy protection – but Mastercard itself said it was not approved. Edge put the card on hold after the reveal.
There are also reports that the Titan Stealer malware has targeted the Edge wallet. This Golang-based malware can steal information such as credentials, screenshots, and FTP client details, among other things.
Crypto Hacks are not slowing down
In the last 18 months, there have been several attacks that have been on the crypto market. 2022 was the worst year for crypto, with around $3.9 billion stolen. The exploit in vogue at the moment is the cross-chain bridge attack, which accounted for some of the biggest crypto hacks of 2022.
2023 hasn’t fared much better, despite the fact that it’s only been two months. USP stablecoin recently lost its depegged after the hacker stole $8.5 million from Platypus. Trust Wallet also suffered a $4 million social engineering hack.
Disclaimer
BeInCrypto has reached out to the company or person involved in the story for an official statement on the latest development, but has yet to hear back.