Beam, the privacy coin implementing the MimbleWimble protocol, announced via its Twitter account that its team had found a "critical vulnerability" in the Beam Wallet. Per Beam CTO, Alex Romanov, in Beam's community chat, the vulnerability does not affect "wallet data, secret keys, or passwords." The vulnerability was first discovered by the Beam development team and affects previously released Beam Wallets.
CRITICAL VULNERABILITY IN BEAM WALLET— @Beamprivacy (@beamprivacy) January 9, 2019
9.1.2019 20:20 GMT
Critical Vulnerability was found in Beam Wallet today.
Vulnerability was discovered by Beam Dev Team and not reported anywhere else.
Vulnerability affects all previously released Beam Wallets both Dekstop and CLI.
The Beam team is recommending users to do the following:
- Stop running their wallets.
- Uninstall or delete their wallet application and executables from all machines.
- Make sure the application was deleted.
- Redownload and reinstall the updated version of Beam Wallet from Beam's website.
The Beam team will release a proper update, providing more details on the vulnerability, in the next few days. Beam officially launched on January 3, 2019, becoming the first cryptocurrency to implement the privacy protocol, MimbleWimble.