Trust Wallet resolves vulnerability that led to $170,000 in user losses

Share IT

Key takeaways:

  • Trust Wallet announced the resolution of a critical vulnerability in its main wallet software code.
  • The bug affected wallet addresses generated by the browser extension between November 14 and November 23, 2022.
  • The vulnerability has been abused twice, resulting in a $170,000 loss.

Trust Wallet disclosed a WebAssembly (WASM) vulnerability that resulted in a $170,000 loss. The crypto wallet service said in a statement on April 22 that the issue affects wallets created by its browser extension between November 14 and September 23, 2022.

 The vulnerability was disclosed in November 2022 via the Trust Wallet bug bounty scheme by an unidentified security researcher. New wallet addresses created between November 14 and November 23, 2022 by the Trust Wallet Browser Extension include this vulnerability. WASM is used in Wallet Core. 

WebAssembly is a computer code standard that allows developers to create Web apps in a range of programming languages. This includes the language used to generate cryptocurrency wallets.

The company explained in the community post that it had improved the security of its wallet product by carrying out security audits more frequently and hiring outside auditors to assess its security precautions. The initiative confirmed its commitment to giving its consumers a safe wallet application.

In order to assist harmed users, Trust Wallet announced plans to offer refunds and set up a reimbursement scheme. Users will receive notices via the browser extension.

Additionally, Trust Wallet emphasised that users who only used the Trust Wallet mobile app, imported wallets into the browser extension using seed phrases from other wallet applications, or created new wallet addresses via the extension prior to November 14 or subsequent to November 23, 2022 were not affected by the vulnerability. 

Trust claimed to have developed a compensation system that would send messages to these users via their browser extensions.

There was still roughly $88,000 in certain insecure addresses, Trust Wallet further cautioned. Users with these addresses were instructed by the team to withdraw the funds right away.

The crypto space has been witnessing heightened numbers of wallet breaches lately.  Just last month, it was reported that 2,400 Wallets were Compromised in Arbitrum Airdrop

In February alone, renowned names in the industry like Algorand and Edge wallet had to navigate security flaws in order to manage their way out of exploits and wallet breaches.

Share IT
Aadrika Sharma
Aadrika Sharma

I enjoy writing and try to learn new things every passing day!

Get Daily Updates

Crypto News, NFTs and Market Updates

Claim Your Free Trading Guide

Sign up for newsletter below and get your free crypto trading guide.

Can’t find what you’re looking for? Type below and hit enter!