Beam Wallet Vulnerability Report

Beam Privacy
Jan 16, 2019

January 16th, 2019

On January 9th, 2019, at 08:20 PM GMT, a vulnerability was discovered in Beam Wallet.

The issue was discovered internally by the Beam Development Team and was not reported anywhere else.

The vulnerability would have allowed an attacker to create a modified transaction to any wallet listening on an active SBBS address, which would have caused the wallet to send funds to the attacker's wallet.

The vulnerability was fixed the same day, and updated binaries were deployed to the website.

Users and partners were notified and required to upgrade their wallets.

To avoid disclosing the possible attack vectors, the fix was not committed to the open source repository at the time.

The source code was committed four days later as part of the next Beam Wallet update.

CVE ID: CVE-2019-6450

We encourage everyone to update their Wallet to the latest version.


If you find any kind of bug, issue or vulnerability, whether related to the one we face today or not, please make sure to reach us as soon as possible via email at security@beam.mw, or submit an issue on GitHub.

Thanks for your patience and your understanding. With your help, Team Beam will continue to build a confidential, comprehensive and secure ecosystem.
