Project developers have found a critical vulnerability in their wallet for Beam. Beam is a new mineable privacy coin which was launched on January 3rd using the Mimblewimble protocol.
This vulnerability affects both the desktop wallet and the CLI-implementation, and a complete uninstall and reinstall is recommended.
On the existence of a vulnerability, the Beam team made an official statement on Twitter:
CRITICAL VULNERABILITY IN BEAM WALLET
9.1.2019 20:20 GMT
Critical Vulnerability was found in Beam Wallet today.
Vulnerability was discovered by Beam Dev Team and not reported anywhere else.
Vulnerability affects all previously released Beam Wallets both Dekstop and CLI.
— @Beamprivacy (@beamprivacy) January 9, 2019
According to the assurances of the project team, this vulnerability has no interaction with private keys and passwords, so there is no need to delete the wallet database. But along with this, instructions were provided on how to protect yourself.
“All Beam users are required to follow the procedure below quickly.”
2/4
DO NOT DELETE THE DATABASE or any other wallet data.The vulnerability DOES NOT affect wallet data, secret keys or passwords
All Beam users are REQUIRED to follow the procedure below IMMEDIATELY!!!
1. Stop your currently running Beam Wallets immediately
— @Beamprivacy (@beamprivacy) January 9, 2019
As the project team said, the official investigation will be published soon:
“We will publish as soon as possible the results of our investigation together with a full transcript of the solutions we applied to solve the issue.”
