Trust Wallet, a cryptocurrency wallet owned by Binance, has revealed that a vulnerability was discovered in its open-source library, Wallet Core, which affected new wallet addresses generated between November 14 and 23, 2022, through its browser extension. The vulnerability was quickly addressed and fixed within a day of being reported through its bug bounty program. However, two potential exploits occurred, leading to a total loss of approximately $170,000 USD.
In response to the incident, Trust Wallet has created a reimbursement process for affected users and is committed to reimbursing eligible losses resulting from hacks due to the vulnerability. The affected users are urged to move the remaining balance on all the vulnerable addresses as soon as possible.
To determine whether their wallet addresses were affected, users are advised to check the Trust Wallet browser extension. If the notification shows that their wallet addresses are vulnerable, they should create a new wallet address and immediately move their assets over and stop using the vulnerable addresses.
Users who saw abnormal fund movement late December 2022 and late March 2023 may be victims of the two exploits and should carefully read the reimbursement process to understand the next steps.
Trust Wallet also recommended that wallet developers using Wallet Core library for developing browser extension wallets ensure that they have implemented the latest version of Wallet Core to prevent their apps from being affected by this vulnerability.
Trust Wallet has provided a postmortem report detailing the incident, what was done, and what was learned to improve and mitigate security handling, and future steps. The wallet developer has apologized for the inconvenience caused to users and assumed responsibility for its mistakes while working towards rectifying the situation for affected users.
Trust Wallet expressed its gratitude to the security researcher who discovered and reported the vulnerability and sought guidance from prominent industry professionals, including the Ledger Team and Binance Security team, in optimizing best results for its users. The wallet developer has also provided regular updates on the reimbursement process to maintain transparency.
Read more:
- Bitcoin Whales Have Bought 20,000 BTC In The Last 2 Days; Maybe Bullish For The Price
- 4 Critical Dates Throughout 2023 You Should Watch Closely To Track Bitcoin Price Movements
- Historic Bitcoin Wallet With 1,128 BTC From Satoshi Era Reawakens After Dormancy