Trust Wallet, a cryptocurrency wallet, has recently disclosed a vulnerability that affected its open-source library, Wallet Core, in November 2022. The cause was a WebAssembly (WASM) vulnerability in Wallet Core as used in Trust Wallet’s Browser Extension, which resulted in the creation of vulnerable wallet addresses from November 14 to November 23, 2022.
Trust Wallet team quickly resolved
The Trust Wallet team quickly resolved the vulnerability; however, two potential exploits led to the loss of approximately $170,000 USD. To ensure transparency and protect users, Trust Wallet will reimburse eligible losses and has set up a reimbursement process for affected users. Trust Wallet advised affected users to transfer the remaining balance on all vulnerable addresses, about $88,000 USD, as soon as possible to prevent any possible scams.
The latest versions of the Trust Wallet mobile apps and Browser Extension are unaffected by the vulnerability and are safe to use. Trust Wallet is committed to maintaining transparency and providing regular updates on the reimbursement process.
Wallet addresses created between November 14 and 23, 2022, using the Trust Wallet Browser Extension may be vulnerable. Users who only use the Trust Wallet mobile apps, or who imported wallet addresses into the Browser Extension, are not affected.
TW Browser Extension
Trust Wallet advises users to check their TW Browser Extension for a warning notification. If they see one, they should immediately create a new wallet address, move their assets over, and stop using the vulnerable addresses. To prevent scams, Trust Wallet recommends that users avoid wallet addresses that they did not create themselves.
Users who noticed abnormal fund movement in late December 2022 and late March 2023 may be among the few victims of the two exploits. They should carefully read the reimbursement process to understand the next steps.
If you used the Wallet Core library to develop Browser Extension wallets in 2022, make sure you have upgraded to the latest version of Wallet Core. Otherwise your Browser Extension app may be affected by this vulnerability, which may result in losses for your users.
Trust Wallet acknowledged the vulnerability in its software and took swift action to resolve it. It will reimburse users who suffered eligible losses as a result of the vulnerability and has created a reimbursement process for them. Trust Wallet continues to work on improving its security handling and mitigating future vulnerabilities. Trust Wallet’s mobile apps and Browser Extension remain safe to use.