en
Back to the list

Trust Wallet: $170,000 in crypto losses - The Cryptonomist

source-logo  en.cryptonomist.ch 24 April 2023 04:12, UTC

Trust Wallet announced a refund of crypto losses, due to a $170,000 incident. The affected users had created their wallet addresses between 14 and 23 November 2022, through a browser extension.

Trust Wallet and reimbursement for crypto addresses created between 14 and 23 November 2022

In a roundup of tweets, Binance‘s official non-custodial multi-currency wallet, Trust Wallet, revealed two likely exploits that caused crypto losses amounting to $170,000 to its users.

8/10 We apologize for any inconvenience & are working to rectify this for affected users. Sincere thanks to White-hat community for invaluable contributions via bug bounty. We welcome more submissions & appreciate your support in keeping our ecosystem secure!

— Trust Wallet (@TrustWallet) April 22, 2023

Specifically, users who had created their wallet addresses between 14 and 23 November 2022, through the browser extension, appear to have been subject to a vulnerability. Not only that, the breach of that vulnerability led to two exploits and a total loss of $170,000.

Currently, 500 crypto addresses remain vulnerable and a total balance of $88,000 remains to be repaid.

Trust Wallet discovered the problem through its bug bounty program. A security researcher reported a WebAssembly vulnerability in the open-source Wallet Core library in November 2022.

Summary

Trust Wallet and the remedy to the $170,000 crypto incident

Continuing with the information posted on Twitter, Trust Wallet specified that the delay in this communication was to prevent other immediate attacks.

This is why it is believed that the crypto incident has now been corrected. Affected users were told by Binance Wallet to immediately move funds received as reimbursement to a new Trust Wallet address to be created.

Not only that, the company said it has been aggressively sending 1-1 notifications to hacked addresses in recent months, resulting in significant fund transfers to secure and expanding addresses.

However, the two disclosed exploits are not both attributable to wallet addresses created between 14 and 23 November 2022. In fact, it is likely that the second exploit was found in late December 2022 and late March 2023.

Support for 4.5 million assets, including NFTs

Binance’s crypto wallet currently supports 65 blockchains such as Bitcoin, Ethereum, Tron, and Ripple and has 4.5 million assets, including dApps and NFTs.

Moreover, Trust Wallet is a non-custodial wallet, meaning it allows users to own and control private keys to access their personal funds. Currently, there are 10 million active users on the platform.

The rise of Trust Wallet for Bitcoin custody occurred precisely in the post-collapse period of FTX’s crypto-exchange.

Perhaps a coincidence, but it was still November 2022. During that period, Changpeng CZ Zhao also jumped on Twitter several times to promote Trust Wallet.

Not only that, even the wallet token, TWT apparently experienced a price spike in those days, going from $1.1 to $2.2 in 24 hours, and $2.3 the next day. Something that has not held up over time. In fact, at the time of writing, TWT is worth $1.19.

en.cryptonomist.ch