Trust Wallet’s Bug Bounty Program Unearths $170K Security Vulnerability
Trust Wallet, a provider of crypto wallets, has disclosed a security issue that caused users to lose $170,000.
An anonymous security researcher reported the vulnerability via Trust Wallet’s bug bounty program in November 2022.
1/10 Trust Wallet is built on security & trust. So we're sharing a vulnerability affecting new addresses created Nov 14-23,22 using the Browser Extension.
The issue is fixed. Most at-risk funds are secured. Affected users should take actions outlined:
— Trust Wallet (@TrustWallet) April 22, 2023
Trust Wallet was alerted to a WebAssembly vulnerability in its open-source library Wallet Core, which led to two exploits resulting in customer losses.
Wallet addresses created via the browser extension between November 14 and 23, 2022, are vulnerable to the exploit; all other wallets are considered safe.
Trust Wallet has urged owners of the remaining 500 vulnerable addresses, valued at nearly $88,000, to move their assets to new wallet addresses.
Trust Wallet has reimbursed all affected customers and states that the issue is unrelated to the recent 5,000 ETH wallet drain.
More than 20 crypto projects have lost investors’ funds to attacks in 2023, with the DeFi protocol Euler Finance losing $200 million in March. Higher security standards are needed to combat these incidents effectively.