From 894033382560e22cd79bb9765b4ede3fc4dcb95f Mon Sep 17 00:00:00 2001
From: Marguerite Blair
Date: Wed, 8 Apr 2026 13:10:10 -0400
Subject: [PATCH] feat(sdk-core): removing mention of mitm attack from hmac error
Ticket: ANT-00000
---
 modules/bitgo/test/unit/bitgo.ts | 2 +-
 modules/bitgo/test/v2/unit/auth.ts | 6 +-----
 modules/sdk-api/src/api.ts | 8 ++------
 3 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/modules/bitgo/test/unit/bitgo.ts b/modules/bitgo/test/unit/bitgo.ts
index 56e3faac4f..6e1374bcd9 100644
--- a/modules/bitgo/test/unit/bitgo.ts
+++ b/modules/bitgo/test/unit/bitgo.ts
@@ -559,7 +559,7 @@ describe('BitGo Prototype Methods', function () {
 const scope = nock(url).get('/').reply(200);
 // test suite bitgo object has hmac verification enabled, so it should throw when the nock responds
- await bitgo.get(url).should.be.rejectedWith(/invalid response HMAC, possible man-in-the-middle-attack/);
+ await bitgo.get(url).should.be.rejectedWith(/invalid response HMAC/);
 scope.done();
 });
diff --git a/modules/bitgo/test/v2/unit/auth.ts b/modules/bitgo/test/v2/unit/auth.ts
index b9d997454d..5c1657ec56 100644
--- a/modules/bitgo/test/v2/unit/auth.ts
+++ b/modules/bitgo/test/v2/unit/auth.ts
@@ -48,11 +48,7 @@ describe('Auth', () => {
 const scope = nock(url).get('/').reply(200);
- await bitgo
- .get(url)
- .should.be.rejectedWith(
- 'server response outside response validity time window, possible man-in-the-middle-attack'
- );
+ await bitgo.get(url).should.be.rejectedWith('server response outside response validity time window');
 verifyResponseStub.restore();
 scope.done();
 });
diff --git a/modules/sdk-api/src/api.ts b/modules/sdk-api/src/api.ts
index c605b378e8..e132426f81 100644
--- a/modules/sdk-api/src/api.ts
+++ b/modules/sdk-api/src/api.ts
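Review bot: In modules/bitgo/test/unit/bitgo.ts the new expectation `/invalid response HMAC/` is unanchored, so it also matches the old message with the man-in-the-middle suffix, and the test would still pass if the change in api.ts were reverted. Anchoring it pins the new wording, assuming ApiResponseError passes the message through unchanged: `await bitgo.get(url).should.be.rejectedWith(/^invalid response HMAC$/);`. The auth.ts expectation is a plain string; whether that is compared exactly or as a substring depends on the assertion library in use, so it may need the same check. The enclosing test body starts outside the hunk.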
@@ -235,7 +235,7 @@ function assertVerificationResponse(
 bitgoToken: partialBitgoToken,
 };
 debug('Invalid response HMAC: %O', errorDetails);
- throw new ApiResponseError('invalid response HMAC, possible man-in-the-middle-attack', 511, errorDetails);
+ throw new ApiResponseError('invalid response HMAC', 511, errorDetails);
 }
 if (bitgo.getAuthVersion() === 3 && !verificationResponse.isInResponseValidityWindow) {
@@ -244,11 +244,7 @@ function assertVerificationResponse(
 verificationTime: verificationResponse.verificationTime,
 };
 debug('Server response outside response validity time window: %O', errorDetails);
- throw new ApiResponseError(
- 'server response outside response validity time window, possible man-in-the-middle-attack',
- 511,
- errorDetails
- );
+ throw new ApiResponseError('server response outside response validity time window', 511, errorDetails);
 }
 }
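Review bot: Both rewritten throws in assertVerificationResponse (this hunk and the validity-window hunk at -244) now carry only the shortened message and the shared status 511, so any caller or alerting rule that matched the old `man-in-the-middle` substring silently stops matching. The shortened text also no longer says that these are response-authentication failures. A comment above the first throw such as `// HMAC mismatch: the response is unauthenticated and must not be acted on`, with a matching one above the validity-window throw, would keep that intent in the code. Consider also a stable discriminator in `errorDetails` (field name for the maintainers to choose) so consumers need not match on message text, and call out the string change in the release notes, since the commit is typed `feat` but alters caller-visible error messages. The function starts outside the first hunk.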