Trust wallet was exploited for $170k, affected users will be reimbursed. The wallet disclosed a WebAssembly (WASM) vulnerability in its open-source library, Wallet Core, which affected some users.
Fast facts
- Trust Wallet Exploited for $170k according to the platform a reimbursement process for affected users is in place.
- The wallet disclosed a WebAssembly vulnerability in its open-source framework, Wallet Core, which affected some of its users.
Trust Wallet, a popular Binance-owned cryptocurrency wallet, has disclosed a WebAssembly (WASM) vulnerability in its open-source module, Wallet Core, which affected some users.
According to an incident report issued by the firm, the vulnerability only affected new wallet addresses generated by its browser extension between November 14 and November 23, 2022. The vulnerability could allow attackers to execute malicious malware on users’ devices and take their funds.
Trust Wallet stated that it patched the vulnerability within one day of receiving the bounty report and published a security upgrade for its browser extension.
Despite Trust Wallet’s efforts, two potential exploits were discovered, resulting in a total loss of about $170,000.
Trust Wallet has promised its users that it will cover eligible damages incurred as a result of the vulnerability and that a reimbursement process is in place to compensate impacted users.
The platform has also recommended that affected users relocate the approximately $88,000 remaining on all susceptible addresses as soon as possible.
Users can check if their wallet addresses are exposed by activating their Trust Wallet browser extension and looking for a warning signal.
“You are affected if receive a warning notification about this vulnerability in the Browser Extension and created the wallet address in Extension between Nov 14-23, 2022.”
Users who get the warning notification are recommended to create a new wallet address, relocate their assets, and stop using vulnerable addresses. It also warned users to avoid using wallet addresses they did not generate in order to avoid being exploited by criminals.
Actions to take
Trust Wallet also stated that people who just used its mobile app, imported wallet addresses into its browser extension, or used its browser extension to establish a new wallet before Nov. 14, 2022, or after Nov. 23, 2022, are not affected by this vulnerability.
Users were advised to update to the latest app version, avoid clicking on suspicious links or messages related to their Trust Wallet account, create strong passwords and enable 2-factor authentication (2FA), avoid disclosing sensitive information such as recovery phrases or private keys to anyone, and download the Trust Wallet app from trusted sources such as its official website or app store.
Trust Wallet also advised wallet developers who used the Wallet Core library to develop browser extension wallets in 2022 to ensure they have implemented the most recent version of Wallet Core to avoid having their browser extension app affected by this vulnerability, which could result in losses for their users.
Featured image: Shutterstock
Dominic Jubemi is primarily into legal practice. However, he has taken interest in building and grooming fundamental skills in FX and Crypto trading, audio engineering and in the nearest future, fiction writing.
