Crypto wallet Edge has suffered a security incident, resulting in the attacker stealing 2,000 private keys. The team published a post on Feb. 22 detailing the security incident, stating that it had identified the vulnerability. The team has already released a patch that addresses the issue.
The attack took place on Feb. 20, and the team was notified by a user who experienced an unauthorized transaction that resulted in them losing all of their Bitcoins. The attacker only stole Bitcoin, while other assets remaining untouched.
The takeaway from this is that the attacker only had access to the individual master private key for the Bitcoin wallet. As such, the user’s account was not logged into, but rather just the Bitcoin wallet’s private key was compromised.
Further investigation led to the team discovering that a few actions could lead to a vulnerability in private keys. The first was that if a user selected a handful of options under the buy and sell tabs, it would result in logging the encrypted private key of the selected wallet onto the device’s disk.
The second was that if they used the upload logs feature, it would send the logs to Edge servers. This would include the private key if the aforementioned buy and sell options were selected.
The total number of users affected accounts for 0.01% of all keys made via Edge. The total amount stolen is about “low 5 figures in USD.”
What Is Edge Wallet?
Edge Wallet is a non-custodial wallet that operates on a decentralized server architecture. It has a strong focus on privacy and security, using zero-knowledge proofs in its design.
The project has seen some controversy, especially for its “confidential Mastercard.” The project announced that the Mastercard would offer high privacy — but Mastercard itself said that it was not approved. Edge put the card on hold following the revelation.
There are also reports that the Titan Stealer malware has targeted the Edge wallet. This Golang-based malware can steal such information as credential data, screenshots, and FTP client details, among other things.
Crypto Hacks Not Abating
The past 18 months have seen several attacks that place in the crypto market. 2022 was the worst year for crypto, with about $3.9 billion stolen. The exploit in fashion at the moment is the cross-chain bridge attack, which accounted for some of the biggest crypto hacks of 2022.
2023 hasn’t fared much better, despite the fact that only two months have passed. The USP stablecoin recently lost its depegged after the hacker stole $8.5 million from Platypus. Trust Wallet also suffered a $4 million social engineering hack.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.