Trusted

Trust Wallet Users Lose $170,000 to Vulnerability

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • Trust Wallet has resolved a vulnerability in its Wallet Core discovered by a security researcher in November 2022.
  • The vulnerability was exploited twice and led to the loss of $170,000.
  • The wallet service provider has promised to refund the stolen funds of affected users.
  • promo

Trust Wallet reported a WebAssembly (WASM) vulnerability that led to the loss of $170,000.

In an April 22 statement, the crypto wallet provider revealed that the vulnerability affected wallets generated by its browser extension between Nov. 14 – 23, 2022. An unnamed security researcher reported the vulnerability in November 2022 through the Trust Wallet bug bounty program.

The company said it delayed this disclosure to prevent immediate attacks and reduce potential breaches. Despite the delay, the vulnerability was exploited twice and led to a loss of around $170,000.

However, this vulnerability does not affect Trust Wallet mobile app users or those who imported their wallets into the browser extension. It also does not affect those who created new wallet addresses via the extension before Nov. 14 or after Nov. 23, 2022. 

Meanwhile, Trust Wallet added that the vulnerability was unrelated to the one MyCrypto founder Taylor Monahan reported. Monahand had claimed that about 5000 ETH was stolen from numerous users’ wallets recently.

Trust Wallet to Reimburse Affected Users

The Binance-backed wallet assured that it would refund impacted users’ stolen funds. The firm said it created a reimbursement system that would notify these users via notifications through their browser extensions.

Trust Wallet further warned that there was still about $88,000 in some vulnerable addresses. The team urged users with these addresses to withdraw their funds immediately.

Following the incident, Trust Wallet said it increased its security audits and audit coverage over the last few months to five times more to prevent a recurrence.

Crypto-Related Exploits Are Rising

Following a quiet start to the year, crypto exploits have picked up steam in the past few weeks, starting with a Euler Finance hack in March.

DeFi protocols like Allbridge, Sentiment, Hundred Finance, and Yearn Finance were exploited during the first two weeks of April. According to DeFillama data, these attacks resulted in more than $20 million in losses.

Crypto exploits in April
Crypto Exploits in April (Source: DeFillama)

Wired recently reported that North Korea-backed hackers used a software supply-Chain attack to target and exploit some crypto companies. The report noted that these hackers were hiding malicious codes in the installer for a VoIP application known as 3CX. 

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Oluwapelumi-Adejumo.png
Oluwapelumi Adejumo
Oluwapelumi Adejumo is a journalist at BeInCrypto, where he reports on a broad range of topics including Bitcoin, crypto exchange-traded funds (ETFs), market trends, regulatory shifts, technological advancements in digital assets, decentralized finance (DeFi), blockchain scalability, and the tokenomics of emerging altcoins. With over three years of experience in the industry, his works have been featured in major crypto media outlets such as CryptoSlate, Coinspeaker, FXEmpire, and Bitcoin...
READ FULL BIO
Sponsored
Sponsored