Beam Wallet is a tech firm that’s allowing users in the United Arab Emirates to pay for goods and services using their phone. They do so via its wallet application, and according to the firm’s website, over 750,000 use the Beam Wallet, and it’s processed some four million transactions to date.
The associated Beam cryptocurrency went live a few days’ back, with its key selling point being the use of privacy technology known as Mimeblewimble. This, in theory, means that transactions made via the service can be confidential.
However, things have not quite gone to plan. The Beam team has issued an announcement that a “critical vulnerability” has been found in the Beam Wallet. It says it discovered the vulnerability itself, and is moving fast to fix it. Here’s the Tweet where it announced the news…
CRITICAL VULNERABILITY IN BEAM WALLET
9.1.2019 20:20 GMT
Critical Vulnerability was found in Beam Wallet today.
Vulnerability was discovered by Beam Dev Team and not reported anywhere else.
Vulnerability affects all previously released Beam Wallets both Dekstop and CLI.
— @Beamprivacy (@beamprivacy) January 9, 2019
It went into more detail on a Github posting, where it said that all Beam users were required to stop using the wallet application and to uninstall or delete it (but crucially, not to delete the database or any wallet data). Then, to ensure the application itself has been fully deleted, and to download a fresh version of it, that’s been updated to fix the vulnerability.
Those instructions in full can be found here.
There’s no evidence that anything nefarious was done as a consequence of the vulnerability, and the fix was applied quickly.