Security Breach Addressed: Trust Wallet Users to Be Compensated
Trust Wallet, a leading provider of secure wallet software, has announced that it has addressed a WebAssembly (WASM) vulnerability affecting a small number of users. The vulnerability was reported by a security researcher in November 2022 through the company's bug bounty program and affected new wallet addresses generated between November 14 and 23, 2022, by the Trust Wallet Browser Extension.
Trust Wallet took swift action to patch the vulnerability, and all addresses created after those dates are safe. However, the company detected two potential exploits, resulting in a total loss of approximately $170,000 USD. Trust Wallet has committed to reimbursing eligible users affected by hacks due to the vulnerability and has set up a reimbursement process for those impacted.
Users not affected by the vulnerability include those who only use Trust Wallet mobile apps, only imported wallet addresses into the Browser Extension, or only used the Browser Extension to create a new wallet before November 14, 2023, or after November 23, 2022. Affected users will receive a notification in the Browser Extension.
Trust Wallet advises users who see the warning notification to create a new wallet address and immediately move their assets to it, discontinuing the use of vulnerable addresses. Wallet developers using the Wallet Core library in 2022 for Browser Extension wallets should also ensure they have implemented the latest version of Wallet Core to prevent any impact on their users.
Trust Wallet has published a postmortem detailing the incident, steps taken to address the vulnerability, and lessons learned to improve security handling. The company has assumed responsibility for its mistakes and is working to rectify the situation for affected users. Trust Wallet also expressed appreciation for the security researcher who discovered the vulnerability and the assistance provided by the Ledger Team and Binance Security Team in addressing the issue.
Users not affected by the vulnerability include those who only use Trust Wallet mobile apps, only imported wallet addresses into the Browser Extension, or only used the Browser Extension to create a new wallet before November 14, 2023, or after November 23, 2022. Affected users will receive a notification in the Browser Extension.
Trust Wallet advises users who see the warning notification to create a new wallet address and immediately move their assets to it, discontinuing the use of vulnerable addresses. Wallet developers using the Wallet Core library in 2022 for Browser Extension wallets should also ensure they have implemented the latest version of Wallet Core to prevent any impact on their users.
Trust Wallet has published a postmortem detailing the incident, steps taken to address the vulnerability, and lessons learned to improve security handling. The company has assumed responsibility for its mistakes and is working to rectify the situation for affected users. Trust Wallet also expressed appreciation for the security researcher who discovered the vulnerability and the assistance provided by the Ledger Team and Binance Security Team in addressing the issue.
