Trust Wallet to Compensate Users Following a $170,000 Security Breach

2023-04-22

Summary:
  • A security vulnerability in the Trust Wallet browser extension resulted in nearly $170,000 in losses for users who created wallet addresses between November 14-23. The issue has been resolved, and affected users have been urged to take action.

  • The vulnerability was discovered via the company's bug bounty program, after a security researcher reported a WebAssembly (WASM) vulnerability in the open-source Wallet Core library in November 2022.

  • The breach led to two exploits that resulted in a total loss of nearly $170,000. Approximately 500 vulnerable addresses remain with an $88,000 balance.

  • Trust Wallet will reimburse eligible losses due to the vulnerability and will offer gas fee assistance to cover the costs of fund transfers.

  • Users who experienced abnormal fund movement in late December 2022 and late March 2023 may have been affected by the two exploits.

  • Trust Wallet recommends that affected users create a new wallet and transfer funds, and developers who used Wallet Core library in 2022 should implement the latest version.

  • A similar exploit that targeted veterans in the crypto community drained almost $11 million in nonfungible tokens (NFTs) and cryptocurrencies from various addresses across 11 blockchains since December last year.



Full article:

The vulnerability impacted wallet addresses created through the browser extension between November 14-23, resulting in nearly $170,000 in losses.

Crypto wallet Trust Wallet disclosed a security vulnerability that resulted in nearly 170,000 losses for some users. The vulnerability has been patched, according to the company.

Trust Wallet found out about the issue through its bug bounty program. A security researcher reported a WebAssembly (WASM) vulnerability in the open-source library Wallet Core in November 2022. New wallet addresses generated "between November 14 and 23, 2022 by Browser Extension contain this vulnerability," said the company in a statement, adding that all addresses created before and after those dates are safe.

The breach resulted in two exploits that led to a total loss of nearly $170,000. Approximately 500 vulnerable addresses remain with an $88,000 balance, according to a postmortem report. Affected users will be offered a refund and gas fee assistance to cover the costs of fund transfers. According to Trust Wallet:

"We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users to move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible."

Users who experienced abnormal fund movement in late December 2022 and late March 2023 may be among the victims affected by the two exploits.

The company urged affected customers to create a new wallet and transfer funds. Users with vulnerable addresses will be notified through the Trust Wallet browser extension, said the company. For developers who used Wallet Core library in 2022, the latest version should be implemented. Affected wallet addresses from Binance were previously notified through the crypto exchange.

Another recently unveiled exploit drained almost $11 million in nonfungible tokens (NFTs) and cryptocurrencies from various addresses across 11 blockchains since December last year, targeting veterans in the crypto community. The attack was initially attributed to an exploit in the MetaMask wallet, which was later denied by the company.

Magazine: ‘Account abstraction’ supercharges Ethereum wallets: Dummies guide



Source: cointelegraph.com

Promoted Promote

Promoted
Promote
Name Symbol SYM Chain Market Cap Launch Votes