Beam Wallet Vulnerability Report

Beam Privacy
Jan 16, 2019 · 1 min read
Image for post
Image for post

January 16th, 2019

On January the 9th 2019 at 08:20 PM GMT, a vulnerability was discovered in Beam Wallet.

The issue was discovered internally by the Beam Development Team and was not reported anywhere else.

The vulnerability would have allowed an attacker to create a modified transaction to any wallet listening on an active SBBS address and would have caused the wallet to send funds to the attacker wallet.

The vulnerability was fixed the same day, and updated binaries were deployed to the website.

Users and partners were notified and required to upgrade their wallets

To avoid disclosing the possible attack vectors, the fix was not committed to the open source repository at the time.

The source code was committed four days later as part of Beam Wallet next update.

CVE ID: CVE-2019–6450

We encourage everyone to update their Wallet to the latest version.

If you find any kind of bug, issue or vulnerability, related to the one we face today or not, please make sure to reach us as soon as possible via email: security@beam.mw or submit an issue on Github.

Thanks for your patience and your understanding. Team Beam will continue with your help to build a confidential, comprehensive and secure ecosystem.

BEAM-MW

Confidential, fast, easy to use

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store