Edge, a multi-currency mobile crypto wallet, has suffered a severe security breach, with the attacker gaining access to 2,000 private keys and stealing “low five figures in USD.” On February 20th, after a user reported an unauthorized transaction from their wallet, Edge discovered that their non-custodial wallet, which operates on a decentralized server architecture, had been breached. Although the user reported that their Bitcoin was stolen in the transaction, their other assets were left untouched. Edge concluded that the attacker had not logged into the account to carry out the theft and instead had accessed the user’s master private key for their Bitcoin wallet.
Edge has revealed that a vulnerability in its logs server was exploited, giving the attacker access to 2,000 unencrypted private keys (0.01% of the total keys created on its platform). Reports of missing funds are rare, and some affected wallets still hold their assets. However, losses at the time of the report were estimated to be in the low five-figure range (in USD).
Edge releases vital security update
On February 22nd, Edge released an update (v3.3.1) that fixed the vulnerability and deleted all previous logs stored on the disk to protect users from further losses. Edge has also advised users to create new wallets within their existing accounts for enhanced security. Moving to a new wallet eliminates the risk associated with the old wallet's potentially exposed private keys.
The rising trend of crypto hacks
The attack on Edge Wallet is yet another alarming reminder of the trend of crypto hacks and exploits. In 2022, about $3.9 billion in crypto was stolen from various projects, making it the worst year to date for cryptocurrency thefts. Crypto wallets have become increasingly vulnerable targets, with Trust Wallet recently suffering a $4 million social engineering breach and BitKeep losing $8 million to an exploit in December.
To add to the list of woes, Edge Wallet faced criticism after the Bitcoin Mastercard it had planned to launch in June 2022 was put ‘on hold’ when the payment giant denied any involvement.