Trust Wallet, a popular crypto wallet, identified and fixed a major WebAssembly (WASM) vulnerability in its core wallet software library. The issue affected wallet addresses on Ethereum and other blockchains generated between November 14 and November 23, 2022 via the Trust Wallet browser extension.
“The problem has been solved,” the project reads said on Twitter. “Most risky funds are secured.”
WebAssembly is a computer code format that allows developers to use multiple programming languages to build web applications, including applications used in crypto wallets. The discovered vulnerability was present in the wallet’s core software library, which used the WASM format to facilitate the user’s creation of their crypto wallet within the browser extension.
$170,000 lost due to the vulnerability
The Binance-backed wallet project stated in the post that after discovering the issue, it resolved the issue. However, two exploits were detected. This resulted in an estimated loss of about $170,000 due to possible hacks that took advantage of the problem, such as mention in an official post on the project’s community forum.
Trust Wallet also emphasized that the vulnerability did not affect users who exclusively used the Trust Wallet mobile app, imported wallets into the browser extension using seed phrases from other wallet applications, or created new wallet addresses through the extension before November 14 or after November 23. , 2022.
In the community after, the team clarified that it had strengthened the security of its portfolio product by conducting more frequent security audits and engaging third-party auditors to review their security measures. The project reiterated its commitment to providing its users with a secure wallet application.
“While there is no 100% security, we own our mistakes and are improving to prevent, mitigate and resolve issues quickly.” added on Twitter. “We are committed to providing our users with a secure, reliable platform.”
Trust Wallet added that it would issue refunds and created a refund system to support affected users. Such users will receive notifications through the browser extension, it added.
The team further clarified that the issue was not related to any recent security breach incident highlighted by MyCrypto founder Taylor Monahan, in which she claimed that more than 5,000 ETH ($10 million) had been mysteriously stolen from multiple users’ wallets.
© 2023 The Block Crypto, Inc. All rights reserved. This article is for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial or other advice.
