Trust Wallet fixes vulnerability after $170,000 in user losses, plans reimbursements

Security • April 22, 2023, 7:40AM EDT
UPDATED: April 23, 2023, 3:13PM EDT
The Block

Quick Take

  • Trust Wallet said it resolved a significant vulnerability in its core wallet software library.
  • The issue impacted wallet addresses generated through the browser extension between Nov. 14 and Nov. 23, 2022.
  • The team stated that the vulnerability led to a total loss of about $170,000 for a few users.

Trust Wallet, a popular crypto wallet, identified and resolved a major WebAssembly (WASM) vulnerability within its core wallet software library. The issue impacted wallet addresses on Ethereum and other blockchains generated through the Trust Wallet browser extension between Nov. 14 and Nov. 23, 2022.

"The issue is fixed," the project said on Twitter. "Most at-risk funds are secured."

WebAssembly is a computer code format that lets developers use multiple programming languages to build web applications, including those used in crypto wallets. The discovered vulnerability was present in the wallet's core software library, which employed the WASM format to facilitate the user creation of their crypto wallets within the browser extension. 

$170,000 lost due to the vulnerability

The Binance-backed wallet project stated in the post that, upon discovering the issue, it addressed the problem. However, two exploits were detected. This resulted in an estimated loss of about $170,000 due to potential hacks leveraging the issue, as stated in an official post on the project's community forum.

Trust Wallet also emphasized that the vulnerability did not impact users who exclusively utilized the Trust Wallet mobile app, imported wallets into the browser extension using seed phrases from other wallet applications or created new wallet addresses via the extension before Nov. 14 or after Nov. 23, 2022. 

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

In the community post, the team clarified that it had bolstered the security of its wallet product by conducting more frequent security audits and engaging external auditors to assess their security measures. The project reiterated its commitment to providing a secure wallet application for its users.

"While there's no 100% security, we own our mistakes and improve to prevent, mitigate, and resolve issues swiftly," it added on Twitter. "We're committed to providing a secure, reliable platform for our users."

Trust Wallet added that it would issue refunds and has created a reimbursement system to support affected users. Such users will receive notifications through the browser extension, it added.

The team further clarified that the issue was not connected to a recent security incident flagged by MyCrypto founder Taylor Monahan, in which she claimed that over 5,000 ETH ($10 million) had been mysteriously stolen from multiple user wallets.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Adam James at
[email protected]