What happened?
Recently, some comments appeared and we decided to inform our users and to be transparent to address the concerns.
Even if the private key is stored in device of the users, our SDK (development tool) made to connect accounts on Xact Wallet to dApps 'Xact Connect' was sending private key on our API server to sign transaction. Making 'Xact Connect' a custody service.
Why this Press Release and all of that?
Has Xact Wallet been hacked?
No. Xact Wallet has not been hacked and none data breach is to report. But we want to be transparent on how 'Xact Connect' version 1 proceeded.
Are you sure?
We conduct internal audits regularly and limit the access to the server to the C-tech level, restricting access to a specific place (by IP Address) and to a specific SSH-key.
In order to be even more transparent, we reached a 3rd party Software Security Audit company in order to get a full independent audit.
Is a new version of Xact SDK coming? If yes, what changes?
Yes a new version is coming and should be available really soon. Making 'Xact Connect' fully non-custodial. So transactions will be signed only on users devices.
This new version is being developed for few weeks now.
Can I use Web tool or any other dApps using Xact SDK "xact connect", during the process of maintenance?
No, apps using "Xact Connect", including our web tool, will not be available during the maintenance.
I have questions and I want to contact Xact, how can I do?
You can open a ticket here or send an email at contact at xact dot ac