Crypto wallet Edge has reported a security breach that resulted in the theft of 2,000 private keys, leading to the loss of a “low five-figure” sum. The attacker stole only Bitcoin, while other assets remained untouched. Edge Wallet announced on Feb. 22 that the vulnerability had been identified and patched, with the attack occurring two days earlier.
The investigation discovered that a few actions could lead to a vulnerability in private keys. The first was if a user selected a handful of options under the buy and sell tabs, it would log the encrypted private key of the selected wallet onto the device’s disk. The second was using the upload logs feature, which would send the logs to Edge servers, including the private key if the aforementioned buy and sell options were selected.
Edge Wallet is a non-custodial wallet that focuses on privacy and security, using zero-knowledge proofs in its design. The project has seen some controversy, especially for its “confidential Mastercard,” which was put on hold after Mastercard said it was not approved.
The past 18 months have seen several attacks that took place in the crypto market, with 2022 being the worst year for crypto, with about $3.9 billion stolen. 2023 hasn’t fared much better, with the USP stablecoin losing its depegged and Trust Wallet suffering a $4 million social engineering hack.
Experts are urging users to be vigilant and take precautions when storing their digital assets, including using reputable wallets and two-factor authentication. Multi-signature (multi-sig) wallets are becoming increasingly popular among crypto users. Multi-sig wallets require multiple signatures (or approvals) before a transaction can be executed, making them more secure than traditional wallets that require only one signature. This means that even if one private key is compromised, the funds will still be safe as the attacker would need access to multiple private keys to steal the funds.
While the crypto market has seen several attacks in recent years, the rise of decentralized finance (DeFi) has led to an increase in hacks. DeFi protocols are built on top of blockchain technology and allow users to lend, borrow, and trade digital assets without intermediaries. However, the lack of regulation and security in some DeFi protocols has made them vulnerable to attacks, leading to the loss of millions of dollars. In 2022 alone, over $2.7 billion was lost in DeFi-related hacks, according to CipherTrace’s “DeFi Hacking Landscape” report.