Subscribe to our newsletter!
Editing by Nathaniel Cajuday
- Trust Wallet issued an update to address a WebAssembly vulnerability in its open-source library Wallet Core that led to $170,000 in user losses.
- Those who noticed an unusual movement of funds in the months of December 2022 and March 2023 may be among the group of users who were impacted by the two exploits, the crypto wallet noted.
- To compensate, affected users will be provided with a refund and gas fee assistance to help them with the expenses related to transferring their funds.
To address the WebAssembly (WASM) vulnerability discovered on its open-source library Wallet Core that led to almost $170,000 in total losses, cryptocurrency wallet Trust Wallet issued an update, assuring its users that their funds are safe and that reimbursements for affected users are now in order.
The vulnerability was discovered by a security researcher through Trust Wallet’s bug bounty program in November 2022. As per the report, the vulnerability affected wallet addresses generated by the browser extension between November 14 and 23, 2022.
To resolve this, the developers patched the vulnerability to ensure that all addresses generated after November 23 are secure.
“We apologize for the loss and inconvenience caused to users and assume responsibility for our mistakes while working towards rectifying the situation for affected users. As valid claims come in, we will process as quickly as possible and periodically provide updates. To maintain transparency in the reimbursement process, we will provide regular updates here below,” Trust Wallet wrote.
The good news is that users who only used Trust Wallet mobile apps or only imported their wallet addresses into the browser extension are not affected by this vulnerability. Additionally, if users only utilized the browser extension to create a new wallet before November 14, 2022, or after November 23, 2022, their wallet addresses were not impacted.
However, the crypto wallet also instructed its users in case their wallets are affected by the vulnerability. If users do not see a warning notification, their wallet addresses are safe to use and are not affected by the vulnerability. However, if the notification is visible, users are advised to create a new wallet address and transfer their assets immediately.
Meanwhile, for the individuals who noticed an unusual movement of funds in the months of December 2022 and March 2023, Trust Wallet noted that they may be among the group of users who were impacted by the two exploits. The postmortem report even said that there are still around 500 vulnerable addresses with an outstanding balance of $88,000.
To solve this, the crypto wallet assured that the affected users would be provided with a refund and gas fee assistance to help them with the expenses related to transferring their funds.
The reimbursement process for lost funds will be:
- Step 1: Visit the claims page of Trust Wallet.
- Step 2: Fill out and submit the claims form.
- Step 3: Wait if the claim is validated.
- Step 4: Once validated, one of the wallet’s customer support leads will contact the user to determine where and when the reimbursed funds will go.
To learn more about the FAQs on how to reimburse, go here.
Last month, Trust Wallet announced a partnership with Ledger, a hardware wallet provider, to integrate Ledger’s hardware support into the Trust Wallet Browser Extension. The collaboration will allow users to access web3 while keeping their private keys offline, leveraging the seamless functionality of Trust Wallet.
“Security is our top priority. While there’s no 100% security, we own our mistakes and improve to prevent, mitigate, and resolve issues swiftly. We’re committed to providing a secure, reliable platform for our users. Thank you for your understanding and support!” the wallet concluded.
This article is published on BitPinas: Trust Wallet Assures Reimbursement for Users Affected by $170K-Worth Exploit
Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.