Trust Wallet Offers Reimbursement for Users Affected by Vulnerability, Old Accounts Remain Vulnerable to Hacking

Trust Wallet has recently announced that it has resolved a vulnerability that could have jeopardized users’ funds.

Although the popular crypto wallet team took a few days to fix the issue, it has been several months since the vulnerability was discovered, and Trust Wallet did not disclose the matter publicly.

The wallet advises impacted users to transfer their funds to a new wallet address to safeguard them.

The vulnerability had an impact on users who created a digital wallet using the Trust Wallet browser extension from November 13 to November 23, 2022, but only browser wallets created after November 23 can benefit from the fix.

According to a blog post from Trust Wallet, affected users must transfer their funds to new, unaffected wallet addresses to safeguard themselves from the vulnerability.

The wallet project claims to have done everything in its power to alert users and help them reduce the risk of possible attacks.

The vulnerability was initially identified by a security researcher in the wallet’s open-source library, which put private keys at risk.

While most of the affected users’ funds have been secured, Trust Wallet confirms that $88,300 is still at risk.

A small number of users have been affected, and the wallet team has promised to compensate them. Trust Wallet also took to Twitter to make this announcement.

The project stated on Twitter that despite its best efforts to reduce the loss, it was able to detect two potential exploits that resulted in a total loss of $170,000. As a result, the team created a reimbursement process to compensate affected users.

Once the vulnerability was fixed and new wallets were no longer at risk, the team had to decide whether to publicly disclose the vulnerability, according to Decrypt.

Their primary concern was to minimize potential losses for users and maintain the sole ownership of their assets. For this reason, they chose to communicate with users privately, using multiple rounds of push notifications and in-app warnings every minute. The messages included clear instructions on how users could transfer their assets to a secure location.

Trust Wallet not only provided customer support to users affected by the vulnerability, but also reimbursed around $7,700 in gas fees for users transferring their funds to uncompromised wallets.

In addition, the project reached out to Binance for help in identifying users who had funds that could be traced back to the exchange.

Trust Wallet was careful to protect users’ privacy and did not share any personally identifiable information with the exchange.

The Trust Wallet team expressed gratitude to Binance’s security team for their assistance in triaging the issue, conducting risk assessments, and communicating with the security researcher.

The project had considered making a public statement about the vulnerability in November, but ultimately delayed it to April due to concerns that a premature disclosure could expose remaining wallets to exploitation by bad actors.

Instead, Trust Wallet provided affected users with more time to secure their funds before issuing a public warning.

In a previous interview with UNLOCK Blockchain, Eowyn Chen, CEO of Trust Wallet, explained that the team is dedicated to fostering a culture of openness, transparency, and inclusivity in the web3 space, and is actively working to create the conditions for sustainable growth and success. 

The full interview is available here.