Trust Wallet has announced it will compensate users who suffered a loss in its recent $170,00 exploit due to a security vulnerability.
1/10 Trust Wallet is built on security & trust. So we’re sharing a vulnerability affecting new addresses created Nov 14-23,22 using the Browser Extension.
The issue is fixed. Most at-risk funds are secured. Affected users should take actions outlined:
➡️https://t.co/X9AEfqWW87— Trust Wallet (@TrustWallet) April 22, 2023
Trust Wallet noted through its bug bounty program that a security researcher discovered a WebAssembly (WASM) vulnerability in its open-source library, Wallet Core, in November 2022.
The Trust Wallet Browser Extension leverages WASM in the Wallet Core and the new wallet addresses generated by the Browser Extension between November 14 and November 23, 2022, reportedly include this vulnerability.
Trust Wallet notified users that if their wallet addresses are vulnerable, they will be able to see a warning notification in the Browser Extension.
Users who used the Wallet Core library for developing Browser Extension wallets in 2022 must ensure they have deployed the latest version of Wallet Core to prevent the Browser Extension app from being affected by this vulnerability. Trust Wallet advised impacted users to transfer the remaining $88,000 USD balances from the vulnerable addresses immediately.
Exploits have been rampant this month with decentralized platforms being the main target. Recently, DeFi platforms Aave and Yearn Finance suffered an exploit, with the attacker draining over $10M in stablecoins.
Compiled by Coinbold