- Trust Wallet found a vulnerability that affected wallets that were created between November 14 and 23, 2022 through its browser extension.
- This vulnerability resulted in a loss of US$170,000.
- Despite their efforts, there are still approximately 500 vulnerable addresses, which adds up to $88,000 USD at risk.
On April 22, the crypto company Trust Wallet revealed that it had found a vulnerability that affected wallets created between November 14 and 23, 2022 through its browser extension.
Apparently it was a vulnerability in WebAssembly (WASM). WASM is a low-level binary format for executing code on the web, and if a hacker manages to inject code into a WebAssembly module, they can steal sensitive data.
How was the fault detected?
According to the Trust Wallet statement, the company learned of the vulnerability in November 2022 through its bug bounty program. A researcher found the bug and notified the company.
The WebAssembly vulnerability primarily affected the Trust Wallet browser extension because it uses WASM. As a result, all wallet addresses generated by the extension between November 14 and 23, 2022 are vulnerable.
The company argues that it did not disclose the incident earlier because it wanted to avoid immediate attacks and thus reduce losses. Nonetheless, US$170,000 was lost.
However, the company emphasized that it had communicated the vulnerability to affected users through rounds of mobile notifications and warnings that appeared repeatedly in the app. These were accompanied by instructions for transferring the funds.
Trust Wallet customers still not safe
In the blog post, Trust Wallet explained that:
“To be free of the vulnerability, users must migrate their assets from affected wallet addresses to new, unaffected wallet addresses. In these circumstances, we take all possible steps to inform users and help them mitigate the risk of potential attacks.”
Despite the company's efforts, there are still approximately 500 vulnerable addresses, which adds up to US$88,000 at risk.
It is precisely for this reason that the company urged all affected users who are still at risk to move the remaining balance as soon as possible.
Funds will be refunded
The crypto company assured that eligible losses from attacks due to the vulnerability will be reimbursed. It will also seek to cover the costs of fund transfers.
Therefore, any abnormal movement of funds that a user experienced between the end of December 2022 and March 2023 may have been caused by the vulnerability, and those funds should be refunded.
Your wallet addresses were not affected by this vulnerability in the following scenarios:
- If you only use the Trust Wallet mobile app.
- If you only imported wallet addresses in the Browser Extension.
- If you only used the Browser Extension to create a new wallet before November 14, 2022 or after November 23, 2022.
For affected users, Trust Wallet recommended generating a new wallet address and immediately moving the funds. It also offered a tutorial.