Trust Wallet reported a WebAssembly (WASM) vulnerability that led to the loss of $170,000.
In an April 22 statement, the crypto wallet provider revealed that the vulnerability affected wallets generated by its browser extension between Nov. 14 and 23, 2022. An unnamed security researcher reported the vulnerability in November 2022 through the Trust Wallet bug bounty program.
The company said it delayed this disclosure to prevent immediate attacks and reduce potential breaches. Despite the delay, the vulnerability was exploited twice and led to a loss of around $170,000.
However, this vulnerability does not affect Trust Wallet mobile app users or those who imported their wallets into the browser extension. It also does not affect those who created new wallet addresses via the extension before Nov. 14 or after Nov. 23, 2022.
Meanwhile, Trust Wallet added that the vulnerability was unrelated to the one MyCrypto founder Taylor Monahan reported. Monahan had claimed that about 5000 ETH was stolen from numerous users’ wallets recently.
Trust Wallet to Reimburse Affected Users
The Binance-backed wallet provider said it would refund impacted users’ stolen funds. The firm said it created a reimbursement system that would notify these users through their browser extensions.
Trust Wallet further warned that there was still about $88,000 in some vulnerable addresses. The team urged users with these addresses to withdraw their funds immediately.
Following the incident, Trust Wallet said it increased its security audits and audit coverage fivefold over the last few months to prevent a recurrence.
Crypto-Related Exploits Are Rising
Following a quiet start to the year, crypto exploits have picked up steam in the past few weeks, starting with the Euler Finance hack in March.
DeFi protocols like Allbridge, Sentiment, Hundred Finance, and Yearn Finance were exploited during the first two weeks of April. According to DefiLlama data, these attacks resulted in more than $20 million in losses.
Wired recently reported that North Korea-backed hackers used a software supply chain attack to target and exploit some crypto companies. The report noted that these hackers were hiding malicious code in the installer for a VoIP application known as 3CX.