NANO (NANO) announced the release of its mobile wallets for Android and iOS, finally making the coin available for its intended purpose of being a fast and free means of peer-to-peer payments.
However, the launch was soured by an immediately discovered security bug in the Android wallet. Users are urged to immediately move the funds from the newly-released wallet, and derive another seed phrase.
https://twitter.com/nano/status/1009917306162565130
The launch of a mobile wallet served as short-term support for the NANO market price. But now, the news of a compromised wallets have hit the coin hard, along with the general slide in crypto markets. NANO crashed to $2.70, losing another 8% net in the past 24 hours.
Thus, NANO is up for a rough start just as the project aims for wider adoption. The dramatic rise in prices this December, to above $32, also led to dramatic losses. Hit by security problems and the BitGrail exchange hack, NANO lost its appeal. Not even Binance trading is helping lift volumes.
NANO still has to prove itself as a secure way to store balances, as it uses an innovative system where each wallet keeps its own blockchain. The current wallet error, appearing after extensive testing and a delay in the wallet’s launch, is relatively minor, with a small risk of losses. However, users are urged not to use the Android wallet, for now.
The NANO wallet is still active for downloads on Google (NASDAQ:GOOGL) Play store, although reviews warn of the vulnerability. The issue was patched, however.
Despite the fact that the wallet was available in beta version for a long time, the team admitted on Reddit they had allowed an oversight in reviewing the code. The NANO wallet was not open source, as the team wanted to keep the technology with some level of secrecy. But this prevented third parties and reviewers from noticing the flaw.
The team has erased some of the messages and explanations on Reddit, but the nature of the vulnerability seems to include a weak randomization of the seed, which may produce insecure addresses which are predictably generated. While an attack is improbable and difficult, NANO users and developers have been discontent with the approach for releasing a cryptographically protected wallet.
NANO has also had troubles with exchange wallets and nodes, leading to deposit and withdrawal problems in the past.
In the past, the Jaxx wallet has encountered a vulnerability where the phrase to generate the private keys through cryptographic transformation was easily discoverable. Creating wallets with discoverable seeds is one of the ways hackers manage to steal funds, while users cannot easily tell the address has been compromised. In the case of NANO, however, the error was not intentional, but due to the usage of an unsuitable method of randomization.
This article appeared first on Cryptovest