Team Beam discovered a critical vulnerability in Beam wallet

January 9th, 2019, 08:20 PM (GMT)

Our Dev. Team discovered a Critical Vulnerability in Beam Wallet on January 9th, 2019, at 08:20 PM (GMT).

The vulnerability affects all previously released Beam Wallets both Desktop and CLI.

So far, we are not aware of Beam’s users being affected by this vulnerability.

We are working with various providers in the ecosystem to upgrade their systems.

Updates

  • The vulnerability has been fixed immediately
  • Updated binaries can be downloaded from the website and the website only
  • Please do not use wallets built from Source Code since the Vulnerability Fix was not committed to a public branch to avoid disclosure

Required actions

Do not delete the database or any other wallet data.

The vulnerability does not affect wallet data, secret keys or passwords.

All Beam users are required to follow the procedure below quickly.

  1. Stop your currently running Beam Wallets immediately.
  2. Uninstall or delete your Beam Wallet application and executables from all machines. Please, do not remove the database or any other wallet data.
  3. Make sure the application was deleted. Check the documentation for the location of Wallet app files.
  4. Download the Beam Wallet from the website. It will have an identical version number as previously published archives. Make sure the SHA256 of the archive matches with the one published on the website.
  5. Install the new application.

We will publish as soon as possible the results of our investigation together with a full transcript of the solutions we applied to solve the issue.


If you find any kind of bug, issue or vulnerability, related to the one we face today or not, please make sure to reach us as soon as possible via email: security@beam.mw or submit an issue on Github.

Thanks for your patience and your understanding. Team Beam will continue with your help to build a confidential, comprehensive and secure ecosystem.