Important bug fix to wallets may impact 1% of users in v0.9.28 release next week

We are preparing to release version 0.9.28 next week and we want to make everyone aware of a change that may impact your funds if you keep any in your Status wallet. This change is an edge case and we estimate it will only impact ~1% of Status accounts.  While it is a very small chance that your account could be impacted, we have outlined steps below for you to mitigate any potential disruptions to your use of Status.

What happened in the code

We fixed an invalid key derivation from a master key issue in some edge cases. More can be found on GitHub here. In short, what we found was in the case where a key is represented with less than 32 bytes, its child key was derived incorrectly compared to other wallets, ending up with a different child key and address.

So we fixed our BIP32 algorithm to add a padding in a case like that, and fixed the derived child key and address.

Check your wallet address before you upgrade

If you keep any funds in your Status wallet, please read the following carefully to ensure nothing is lost in the update. When we push v.0.9.28, it is important you take the following steps prior to updating Status

  1. Check your wallet address before you update to v.0.9.28
  2. When you update to v0.9.28, recover your account using your mnemonic phrase
  3. Verify your wallet address is the same as in the previous version.

In 99% of upgrades the wallet address will be the same. If the wallet address is different, it means that your old account was affected and you will be logged into the new account. To access your funds you will need to logout and login to the original account and transfer the funds to your new address. You can follow the steps here:

  • Go to Profile, tap logout
  • Login to the original account
  • Transfer funds to your new wallet address

For more information, please join us in Status or Riot. Someone is more than happy to answer your questions and help you out.