Compensation for Victims: Trust Wallet Hackers Steal $170,000.

Trust Wallet, a popular crypto wallet owned by Binance, has revealed a WebAssembly (WASM) vulnerability in its open source library, Wallet Core, which has affected some users. A security researcher reported the vulnerability through Trust Wallet’s bug bounty program in November 2022.

According to the incident update shared by the company, the vulnerability only affected new wallet addresses generated by its browser extension between November 14 and 23, 2022. The vulnerability could allow attackers to execute malicious code on users’ devices and steal their funds.

The weakness was fixed, but $170,000 was lost

Trust Wallet said it fixed the vulnerability within one day of verifying the bounty report and released a security update for its browser extension.

However, despite Trust Wallet’s efforts, two potential vulnerabilities were discovered, resulting in a total loss of approximately $170,000 at the time of the attack.

Trust Wallet has assured its users that it will pay for eligible losses from hacks due to the vulnerability and has established a compensation process for affected users.

The platform also urged affected users to transfer approximately $88,000 remaining on all vulnerable addresses as soon as possible.

Users can check if their wallet addresses are compromised by opening the Trust Wallet browser extension and looking for a warning notice.

The company urged users who see the warning notice to create a new wallet address, transfer their assets, and stop using vulnerable addresses. He also advised users to avoid wallet addresses that they did not create to avoid scammers taking advantage of them.

What actions need to be taken

Trust Wallet also said that those who only used their mobile app, imported wallet addresses into their browser extension, or used its browser extension to create a new wallet before November 14, 2022, or after November 23, 2022, will not be affected. They are.

The platform advised its users to update to the latest version of the app, avoid clicking suspicious links or messages related to their Trust Wallet account, create strong passwords and enable two-factor authentication (2FA), avoid disclosing sensitive information such as recovery phrases or privacy keys to anyone, and download Trust Wallet app from trusted sources like official website or app store.

To avoid their browser extension application being affected by this vulnerability, which could cause losses to their users, Trust Wallet also advised wallet developers who used the Wallet Core library to develop browser extension wallets in 2022 to ensure that they implement the latest version of Wallet Core.