Summary: Users of the Mina JavaScript client-sdk should urgently upgrade to the 1.0.1 release of the client-sdk. Out of an abundance of caution, users who generated private keys using the getKeys() function of prior releases of the client-sdk should also immediately move any funds to an address that was generated by an alternative method, or by the new 1.0.1 release.
O(1) Labs – our ecosystem partner – recently discovered a vulnerability in the Mina JavaScript client-sdk where private key generation depends on poor entropy in some situations. This means that private keys generated in these situations are vulnerable to attacks by malicious actors, and with low probability, funds can be stolen. This has been fixed in the 1.0.1 release of the client-sdk.
Developers and users who use the client-sdk should immediately upgrade to the new 1.0.1 release to fix this vulnerability. Users who have used either the client-sdk directly, or a product that depends on the client-sdk, should also immediately move their funds to an address that was generated by an alternative method, or the new 1.0.1 release.
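One way to check whether a project, or a product it depends on, still installs a release older than 1.0.1 is to scan its parsed package-lock.json. This is an added example, not code from O(1) Labs or the client-sdk; the npm package name `@o1labs/client-sdk`, the helper names and the sample lockfile are assumptions made for illustration.

```javascript
// Assumption: npm package name; the advisory only says "client-sdk".
const PACKAGE_NAME = "@o1labs/client-sdk";
const FIXED = [1, 0, 1]; // first fixed release according to the advisory
// True when `version` sorts before 1.0.1, or cannot be parsed at all.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // git URL, tag, missing: flag for manual review
  for (let i = 0; i < 3; i++) {
    const part = Number(m[i + 1]);
    if (part !== FIXED[i]) return part < FIXED[i];
  }
  return Boolean(m[4]); // a pre-release of 1.0.1 sorts before 1.0.1
}

// Takes a parsed package-lock.json; returns each pre-1.0.1 copy of the SDK.
function findVulnerable(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (isBelowFixed(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PACKAGE_NAME)) check(path, meta);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      if (name === PACKAGE_NAME) check(path, meta);
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (package names and old version are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-wallet", version: "0.1.0" },
    "node_modules/@o1labs/client-sdk": { version: "1.0.1" },
    "node_modules/example-lib/node_modules/@o1labs/client-sdk": { version: "0.2.9" },
  },
};
console.log(findVulnerable(sampleLock));
```

A hit only shows that an older release is installed. Keys already generated with getKeys() in a prior release are not repaired by upgrading, so the advisory's instruction to move funds to a newly generated address still applies.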
About Mina Protocol
Mina Protocol is being incubated by O(1) Labs, the leader in zk-SNARKs and verifiable computation. Mina Protocol, the world’s lightest blockchain, provides a foundation for the decentralized digital economy (Web 3.0) by affording all participants fully P2P, permissionless access to the chain from any device. By utilizing recursive zk-SNARKs, the Mina blockchain always stays the same size — about 20 kilobytes (the size of a few tweets). Recursive zk-SNARKs allow nodes to rapidly share and update proof of the correct blockchain state across the network. This breakthrough application of zk-SNARKs solves the issues of scalability and high barrier to entry for nodes that have plagued legacy blockchains to date. By making it easier for nodes to participate, Mina improves decentralization and therefore the security of the network. The Mina blockchain can be easily accessed from any device, including phones and browsers, and can be seamlessly integrated into new decentralized applications (dapps).