Developers behind the privacy-focused cryptocurrency Beam have revealed that the "critical" bug discovered and subsequently fixed in their wallet software last week could have put user funds directly at risk.
As stated in a Medium post published today, the vulnerability would have allowed an attacker to create "modified transactions" and subsequently send funds directly into the attacker's wallet.
In an exclusive interview with CoinDesk, Beam CTO Alex Romanov explained that by leveraging Beam's Secure Bulletin Board System (SBBS) - a custom-built system to enable offline encrypted messaging between Beam wallets - attackers "currently listening in on active SBBS addresses would be able to cause these wallets to send money to an attacker."
"The vulnerability is not related to mimblewimble or cryptography or any underlying technology. Basically, it's a bug in the application itself. It just affected the wallets because it would be possible to create this specific transaction."
Though the existence of the vulnerability was disclosed to the public the same day it was found by Beam's internal development team, the exact nature of the threat was not made public until today.
The reason for this, according to Romanov, was to avoid opening up any "possible attack vectors" for users who had not seen the announcement of the vulnerability last Wednesday.
Speaking to the issued patch, Romanov explained that the fix was relatively simple.
"We have just prevented this specific scenario in which this custom transaction would have been accepted by a running wallet and that's it," said Romanov to CoinDesk.
"We have taken into consideration all the issues raised by users, all the requests, all the misunderstanding that in retrospect was pretty obvious because mimblewimble is a very new technology and we have created an update which will improve the user experience," said Romanov.
Calling it version 1.0.1, Romanov highlighted that use of Beam systems as a result of mimblewimble has caused "pools and also exchanges to significantly modify the way they operate and the way they handle transactions."
'Critical' Vulnerability in Beam Wallet Could Have Put Funds At Risk, Devs Say After Fix
Published on Jan 16, 2019
by Coindesk | published on Coinage