January 9th, 2019, 08:20 PM (GMT)

Our Dev. Team discovered a Critical Vulnerability in Beam Wallet on January 9th, 2019, at 08:20 PM (GMT).

The vulnerability affects all previously released Beam Wallets both Desktop and CLI.

So far, we are not aware of Beam’s users being affected by this vulnerability.

We are working with various providers in the ecosystem to upgrade their systems.

Updates

The vulnerability has been fixed immediately

Updated binaries can be downloaded from the website and the website only

Please do not use wallets built from Source Code since the Vulnerability Fix was not committed to a public branch to avoid disclosure

Required actions

Do not delete the database or any other wallet data.

The vulnerability does not affect wallet data, secret keys or passwords.

All Beam users are required to follow the procedure below quickly.

Stop your currently running Beam Wallets immediately. Uninstall or delete your Beam Wallet application and executables from all machines. Please, do not remove the database or any other wallet data. Make sure the application was deleted. Check the documentation for the location of Wallet app files. Download the Beam Wallet from the website. It will have an identical version number as previously published archives. Make sure the SHA256 of the archive matches with the one published on the website. Install the new application.

We will publish as soon as possible the results of our investigation together with a full transcript of the solutions we applied to solve the issue.