Cryptocurrency Wallet Trusted Wallet revealed a security vulnerability that resulted in nearly 170,000 losses for some users. The vulnerability has been patched, according to the company.
Trust Wallet found out about the issue through its bug bounty program. A security researcher reported a WebAssembly (WASM) vulnerability in the open source Wallet Core library in November 2022. New wallet addresses generated "between November 14 and 23, 2022 by Browser Extension contain this vulnerability", the company said in a statement, adding that all addresses created before and after those dates are safe.
1/10 Trust Wallet is built on security and trust. Therefore, we share a vulnerability that affects new addresses created from November 14 to 23, 2022 with the browser extension.
The problem is solved. Most of the funds at risk are insured. Affected users should take the measures described:
โก๏ธhttps://t.co/X9AEfqWW87โ Trust Wallet (@TrustWallet) April 22, 2023
The breach resulted in two exploits that led to a total loss of nearly $170,000. Approximately 500 vulnerable addresses remain with a balance of $88,000, according to a postmortem report. Affected customers will be offered a refund and gas rate assistance to cover the costs of fund transfers. According to Trust Wallet:
"We want to assure users that we will refund eligible losses from attacks due to the vulnerability and have created a refund process for affected users. And we urge affected users to move the remaining balance of ~$88,000 USD in all directions vulnerable as soon as possible. possible."
Users who experienced abnormal movement of funds in late December 2022 and late March 2023 may be among the victims affected by the two exploits.
The company urged affected customers to create a new wallet and transfer funds. Users with vulnerable addresses will be notified via the Trust Wallet browser extension, the company said. For developers who used the Wallet Core library in 2022, the latest version must be deployed. The affected Binance wallet addresses were previously notified via the crypto exchange.
Another recently revealed exploit drained nearly $11 million in non-fungible tokens (NFTs) and multi-address cryptocurrencies on 11 blockchains since December of last year, targeting veterans of the crypto community. The attack was initially attributed to an exploit in the MetaMask wallet, which was later denied by the company.
Magazine: 'Account Abstraction' Supercharges Ethereum Wallets: Dummy's Guide
Post navigation
