Nighthawk Pockets iOS and ECC Reference Pockets iOS customers ought to improve to the most recent variations with a view to remediate a safety vulnerability. No different wallets are affected by this bug, and remediation steps are outlined under.
In buggy variations of the wallets, when a consumer opted to incorporate their pockets’s deal with in an outgoing memo discipline utilizing the “Reply-To” function, the pockets would mistakenly embrace the pockets’s secret viewing key slightly than the pockets’s deal with. When you use the Nighthawk Pockets or the ECC Reference Pockets for iOS, you possibly can decide in the event you had been affected by inspecting every of your pockets’s outgoing transaction memo fields and searching for any “Reply-To” elements that start with “zxview”. A discipline starting with “zxview” signifies that your pockets’s viewing key was included within the memo slightly than the pockets’s deal with.
All customers ought to instantly improve to the most recent model of the pockets software program. When you had been affected by the bug, i.e., a number of of your outgoing “Reply-To”’s begins with “zxview”, then the recipients of these memos will have the ability to see your pockets’s transaction historical past, together with any memo discipline contents. As a result of everlasting nature of knowledge saved on the blockchain, it isn’t attainable to revoke entry to that info.
To forestall unintentional viewing key recipients from seeing any future transaction particulars, you should improve your pockets to the most recent software program model, create a brand new pockets, and migrate your funds to the brand new pockets. Please again up your seed phrase previous to trying this to scale back the danger of by accident dropping funds within the course of.
The bug existed within the ECC iOS Reference Pockets 0.3.7-105 codebase from Could 6, 2021 to in the present day. The commit containing the repair is out there right here and in variations of the ECC Reference Pockets 0.5.0-120 or later (for testnet) and 0.4.0-117 or later (for mainnet). The ECC iOS Reference Pockets has a really restricted distribution, nearly totally restricted to ECC staff.
Nighthawk was affected as of model 1.9, which was launched on July 2, 2021. The bug has been fastened as of model of Nighthawk 1.21 which was launched July 11, 2021.
We wish to thank the Nighthawk Pockets builders for locating the bug and appearing on it instantly.