Hackers steal tokens from a popular cryptocurrency wallet — more than 2000 people are affected

The Edge cryptocurrency platform has discovered security problems. on February 20, one of the users complained that all bitcoins had disappeared from his wallet, while the client had not made any transactions. The security team investigated and found an exploit that led to the leakage of private keys. Edge described the incident on its blog.

Two types of users were at risk. The first are those who bought or sold bitcoins through financial services such as Bity, Wyre, Bitrefill, Ionia, Xanpool, LibertyX, Bitaccess, Bits of Gold, and Banxa. The second group of vulnerable users are those who used the Download Logs feature in Edge.

«Based on the visibility of the keys on the Edge log server, this vulnerability compromised approximately 2,000 private keys by sending them to the Edge infrastructure. This represents less than 0.01% of the total number of keys created on the platform. In addition, a random check of several dozen private keys shows that many still have funds left.Thanks to this, we have made sure that there was no large-scale hacking of the Edge infrastructure, which would have compromised the vast majority of funds on such wallets,» the crypto platform team noted in the article.

The company also provided an algorithm of actions for users who are at risk. The platform recommends updating the application to Edge v3.3.1. It is also necessary to delete previous logs, and for complete protection, generate a new wallet. In this case, you do not need to create a new account.

Edge CEO and co-founder Paul Puel said: «This breach fell short of Edge users' expectations. We will use this experience to strengthen the platform and continue our mission to empower users around the world to interact with the crypto economy by making security features intuitive and accessible. Don’t hesitate to report our services if you experience any problems.»

As a reminder, cybersecurity specialists from IT company Unciphered have revealed a scheme to hack a cryptocurrency wallet in one second. It turned out that the OneKey hardware crypto wallet does not encrypt data transmitted from the encrypted part to the central processor. By tampering with the wallet at the hardware level, the analysts were able to deceive the device, forcing it to return to factory settings. As a result of this «reset,» the experts were able to intercept the wallet’s passphrase in a second, which allows the attacker to transfer cryptocurrency to any address without any problems.