California-based wallet provider Edge exposed 2,000 private keys due to a vulnerability

The cryptocurrency wallet provider Edge, based in California, USA, discovered a vulnerability in its application resulting in the loss of 2,000 private keys. Although the lost amount is below five figures in USD, the vulnerability could easily expose users to risks. Edge has released a new version and urges users to update as soon as possible.

APP Two-Step Process Leads to Private Key Exposure

On February 20th, Edge learned of an incident where users' funds were lost. Through an investigation, it was discovered that the user's account on the client side was not compromised by hackers, but rather the private key of the user's Bitcoin wallet was directly exposed.

Edge stated that this was due to a vulnerability in the Edge App, where just two steps could lead to the exposure of the private key:

• Using the buy or sell option within the app would store the unencrypted private key in the device's log.
• If the log upload feature of Edge was then used, the log would be uploaded to the Edge server. If the log was uploaded just after a buy or sell action, it would contain the private key.

According to Edge's statement, this is equivalent to the exposure of user data stored on Edge servers. Edge also acknowledged that such vulnerabilities do not meet the expected standards of users and is committed to improving.