Beam Announces ‘Critical’ Vulnerability in Mimblewimble Crypto’s Wallet

flashlight-floor-e1506709416574
9 January 2019

The team behind Beam, a newly released privacy-oriented cryptocurrency, announced Wednesday that a “critical vulnerability” has been discovered in its wallet software.

Disseminating the information from their official Twitter account, Beam urged users to uninstall the Beam Wallet application immediately and redownload a patched version of the application again from their website. The project’s GitHub page – which echoes the warning regarding the wallet software – states that “details for the vulnerability and the CVE will be published within a week to avoid exploits.”

The GitHub page further states:

“[The] Vulnerability affects all previously released Beam Wallets both Dekstop and CLI. DO NOT DELETE THE DATABASE or any other wallet data. The vulnerability DOES NOT affect wallet data, secret keys or passwords.”

The announcement specifies that the vulnerability found in the wallet software was discovered solely by the Beam developer team “and not reported anywhere else.” In a post on Discord, CTO Alex Romanov said that “the issue was already fixed” and that miners and nodes are unaffected.

The situation comes just days after Beam became the first cryptocurrency to go live utilizing the privacy tech known as Mimblewimble, which is touted as a means by which transactions can be made confidential and effectively untraceable. Beam launched ahead of Grin, another implementation of the technology that is expected to launch next Tuesday.

Beam of light image via Shutterstock