diff --git a/.pnp.cjs b/.pnp.cjs
index 4454f4cc..b540c162 100755
--- a/.pnp.cjs
+++ b/.pnp.cjs
@@ -473,7 +473,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
       ],\
       [\
         "@types/elliptic",\
-        "npm:6.4.12"\
+        "npm:6.4.14"\
       ],\
       [\
         "@types/eslint",\
@@ -3327,7 +3327,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
             ["@istanbuljs/nyc-config-typescript", "virtual:4f1584ad4aba8733a24be7c8aebbffafef25607f2d00f4b314cf96717145c692763628a31c2b85d4686fbb091ff21ebffa3cc337399c042c19a32b9bdb786464#npm:1.0.1"],\
             ["@noble/hashes", "npm:1.0.0"],\
             ["@types/bn.js", "npm:5.1.0"],\
-            ["@types/elliptic", "npm:6.4.12"],\
+            ["@types/elliptic", "npm:6.4.14"],\
             ["@types/eslint-plugin-prettier", "npm:3.1.0"],\
             ["@types/jasmine", "npm:4.0.3"],\
             ["@types/karma-firefox-launcher", "npm:2.1.0"],\
@@ -4447,10 +4447,10 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
         }]\
       ]],\
       ["@types/elliptic", [\
-        ["npm:6.4.12", {\
-          "packageLocation": "./.yarn/cache/@types-elliptic-npm-6.4.12-02ae0f4627-35dc3b6b4b.zip/node_modules/@types/elliptic/",\
+        ["npm:6.4.14", {\
+          "packageLocation": "./.yarn/cache/@types-elliptic-npm-6.4.14-77735f3256-d5a64f540e.zip/node_modules/@types/elliptic/",\
           "packageDependencies": [\
-            ["@types/elliptic", "npm:6.4.12"],\
+            ["@types/elliptic", "npm:6.4.14"],\
             ["@types/bn.js", "npm:5.1.0"]\
           ],\
           "linkType": "HARD"\
diff --git a/.yarn/cache/@types-elliptic-npm-6.4.12-02ae0f4627-35dc3b6b4b.zip b/.yarn/cache/@types-elliptic-npm-6.4.12-02ae0f4627-35dc3b6b4b.zip
deleted file mode 100644
index 3342a7ad..00000000
--- a/.yarn/cache/@types-elliptic-npm-6.4.12-02ae0f4627-35dc3b6b4b.zip
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0647abdfad876b993ec7391a3fc5d6f3bf4f63050345d4bdbe0f2136a431f5b5
-size 4392
diff --git a/.yarn/cache/@types-elliptic-npm-6.4.14-77735f3256-d5a64f540e.zip b/.yarn/cache/@types-elliptic-npm-6.4.14-77735f3256-d5a64f540e.zip
new file mode 100644
index 00000000..1f359871
--- /dev/null
+++ b/.yarn/cache/@types-elliptic-npm-6.4.14-77735f3256-d5a64f540e.zip
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a0b980bc7d60169adc4cc24e3f2ab907befc8252ad290f646a3285b214a90148
+size 4409
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8af0f84..d8d7fabb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,10 @@ and this project adheres to
 
 ### Fixed
 
-- @cosmjs/cosmwasm-stargate: Fix `ContractCodeHistory` decoding when msg contains non-printable ASCII ([#1320]).
+- @cosmjs/cosmwasm-stargate: Fix `ContractCodeHistory` decoding when msg
+  contains non-printable ASCII ([#1320]).
+- @cosmjs/crypto: Bump elliptic version to ^6.5.4 due to
+  [CVE-2020-28498](https://github.com/advisories/GHSA-r9p9-mrjm-926w).
 
 [#1320]: https://github.com/cosmos/cosmjs/pull/1320
 
diff --git a/packages/crypto/package.json b/packages/crypto/package.json
index 1ac84293..9a7f71c8 100644
--- a/packages/crypto/package.json
+++ b/packages/crypto/package.json
@@ -46,13 +46,13 @@
     "@cosmjs/utils": "workspace:^",
     "@noble/hashes": "^1",
     "bn.js": "^5.2.0",
-    "elliptic": "^6.5.3",
+    "elliptic": "^6.5.4",
     "libsodium-wrappers": "^0.7.6"
   },
   "devDependencies": {
     "@istanbuljs/nyc-config-typescript": "^1.0.1",
     "@types/bn.js": "^5",
-    "@types/elliptic": "^6.4.12",
+    "@types/elliptic": "^6.4.14",
     "@types/eslint-plugin-prettier": "^3",
     "@types/jasmine": "^4",
     "@types/karma-firefox-launcher": "^2",
diff --git a/yarn.lock b/yarn.lock
index 204c3bff..a9f0c953 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -450,7 +450,7 @@ __metadata:
     "@istanbuljs/nyc-config-typescript": ^1.0.1
     "@noble/hashes": ^1
     "@types/bn.js": ^5
-    "@types/elliptic": ^6.4.12
+    "@types/elliptic": ^6.4.14
     "@types/eslint-plugin-prettier": ^3
     "@types/jasmine": ^4
     "@types/karma-firefox-launcher": ^2
@@ -462,7 +462,7 @@ __metadata:
     "@typescript-eslint/parser": ^5.13.0
     bn.js: ^5.2.0
     buffer: ^6.0.3
-    elliptic: ^6.5.3
+    elliptic: ^6.5.4
     eslint: ^7.5
     eslint-config-prettier: ^8.3.0
     eslint-import-resolver-node: ^0.3.4
@@ -1455,12 +1455,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/elliptic@npm:^6.4.12":
-  version: 6.4.12
-  resolution: "@types/elliptic@npm:6.4.12"
+"@types/elliptic@npm:^6.4.14":
+  version: 6.4.14
+  resolution: "@types/elliptic@npm:6.4.14"
   dependencies:
     "@types/bn.js": "*"
-  checksum: 35dc3b6b4ba411b2e2ca2dfead45034d1411f5062183ec49270a693b7f2bdff27e3538aae8773a7fce2d04084018a28bacc8a442f578f594fad11431242d87aa
+  checksum: d5a64f540e0ed4b74a12dfa5cc88c0aa7b531eab3b7a9fab17948ffbfc6e01814230e63d7417ce1b607dbd8b5d70e1b64f5afac632deabf96e44875aaac0ae1b
   languageName: node
   linkType: hard
 
@@ -3153,7 +3153,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"elliptic@npm:^6.5.3":
+"elliptic@npm:^6.5.4":
   version: 6.5.4
   resolution: "elliptic@npm:6.5.4"
   dependencies: