Trust Wallet has taken responsibility for the security incident and has committed to reimbursing eligible losses for affected users, while also urging them to take immediate action to secure their funds by creating new wallets and transferring their balances.
Trust Wallet, a leading cryptocurrency wallet, has recently disclosed a security vulnerability that has caused considerable losses to some of its users, amounting to nearly $170,000. The incident, which occurred between November 14 and 23, 2022, impacted wallet addresses that were created through the wallet’s browser extension.
The vulnerability was discovered by a security researcher who reported a WebAssembly vulnerability in the open-source library Wallet Core, as part of Trust Wallet’s bug bounty program.
The company has taken swift action to patch the vulnerability and prevent further exploitation. However, the breach has resulted in two separate exploits that led to a total loss of approximately $170,000. As per a postmortem report, there are still around 500 vulnerable addresses with an $88,000 balance that remain at risk. Trust Wallet has acknowledged the severity of the situation and has taken responsibility for the losses incurred by its users.
In response to the security incident, Trust Wallet has announced plans to reimburse eligible users for their losses. The company has created a reimbursement process to ensure that affected users are compensated for the funds they have lost due to the vulnerability. Additionally, Trust Wallet has offered gas fee assistance to cover the costs of fund transfers, in an effort to alleviate any inconvenience caused to the affected users.
Trust Wallet has been proactive in communicating with its users and has urged them to take necessary action to safeguard their funds. Users who have experienced abnormal fund movement in late December 2022 and late March 2023 may be among those affected by the exploits. The company has notified users with vulnerable addresses through its browser extension and has advised them to create new wallets and transfer their funds to ensure their security
Furthermore, Trust Wallet has emphasized the importance of keeping software and libraries up to date to prevent security vulnerabilities. Developers who used the Wallet Core library in 2022 have been strongly recommended to implement the latest version of the library to ensure that their applications are not susceptible to known vulnerabilities. The company has also worked closely with Binance, the popular cryptocurrency exchange, to notify affected wallet addresses and coordinate efforts to mitigate the impact of the security incident.
It is worth noting that this incident is not an isolated occurrence in the cryptocurrency industry. Recently, there have been other instances of security breaches and exploits targeting various wallets and platforms, resulting in significant losses for users. For example, a separate exploit targeting veterans in the crypto community has drained almost $11 million in nonfungible tokens and cryptocurrencies from various addresses across 11 blockchains since December 2022. Initially, the attack was attributed to an exploit in the MetaMask wallet, but the company later denied the claim.
Despite the growing popularity of decentralized finance (DeFi) and the increasing adoption of cryptocurrencies, the industry is not immune to security risks. The rapid development and volatility of the crypto space, including the DeFi sector, can present challenges in ensuring robust security measures. However, it is crucial for wallet providers, exchanges, and other stakeholders in the cryptocurrency ecosystem to prioritize security and take prompt action to address vulnerabilities and protect users’ funds.