Users of Trust Wallets Lose $170,000 Due to Vulnerability

A vulnerability in Trust Wallet’s Wallet Core was discovered by a security researcher in November 2022.

The crypto wallet provider disclosed on April 22 that the vulnerability affected purses generated by its browser extension between November 14 and November 23, 2022. In November 2022, an unidentified security researcher disclosed the vulnerability through the Trust Wallet bug bounty program.

The company stated that it deferred the release of this information to prevent immediate attacks and reduce potential security violations. Despite the delay, the vulnerability was exploited twice, resulting in approximately $170,000 in losses.

However, neither Trust Wallet mobile app users nor those who imported their accounts into the browser extension are affected by this vulnerability. Those who created new wallet addresses using the extension prior to November 14 or after November 23, 2022, are also unaffected.

Taylor Monahan, the proprietor of MyCrypto, disclosed the vulnerability. However, Trust Wallet stated that the vulnerability was unrelated to the one reported by Monahan. Monahand claimed that approximately 5,000 ETH were recently taken from the wallets of multiple users.

The wallet sponsored by Binance guaranteed it would refund stolen funds to affected users. The company stated it had developed a reimbursement system that would notify consumers via browser extension notifications.

Trust Wallet warned that approximately $88,000 remained in some vulnerable addresses. The team implored users with these addresses to promptly withdraw their funds.

Trust Wallet stated that it has increased its security audits and audit coverage fivefold over the past few months to prevent a recurrence.

Following a relatively calm start to the year, crypto exploits have gained momentum over the past few weeks, beginning with an attack on Euler Finance in March.

During the first two weeks of April, DeFi protocols such as Allbridge, Sentiment, Hundred Finance, and Yearn Finance were exploited. According to data from DeFillama, these assaults caused more than $20 million in damages.

Wired recently reported that hackers sponsored by North Korea targeted and exploited several crypto companies using a software supply-chain attack. According to the report, these hackers concealed malicious code within the installer for the 3CX VoIP application.

Also Read: BitBoy Crypto Was Referred To The FBI Following A Failed Court Appearance