Trust wallet has lost $170,000 in user funds due to a vulnerability in its core wallet software library. The incident occurred spontaneously, but attackers leveraged it to steal users’ funds from the wallet.
The vulnerability affected wallet addresses generated through the browser extension version between Nov. 14 and Nov. 23, 2022. As a result, users with such wallet addresses lost a total of $170,000 in funds. The team has since discovered and resolved the WebAssembly (WASM) vulnerability, according to a tweet earlier today.
Trust is a top wallet used for many things ranging from buying and selling crypto to trading of non-fungible tokens (NFTs). The Binance-affiliated wallet is one of the most reputable decentralized wallets on the website. It is also well known for its military grade security which secures the funds and credentials of users of the non-custodial wallet.
Exclusive App Users not Affected
Trust wallet has many versions, including web, extension and mobile version. Of the three, only wallets created through the extension between 14 and 23 November 2022 were affected. Specifically, the Trust wallet team stated that the incidence did not affect users who only use the mobile wallet app.
The team in a community post assured users that it had modalities in place such as frequent security audits and engaging external auditors to ensure that no security fault went unnoticed.
“While there’s no 100% security, we own our mistakes and improve to prevent, mitigate, and resolve issues swiftly. We’re committed to providing a secure, reliable platform for our users,” the team wrote on Twitter.
According to the team, this is a separate, entirely unrelated incidence from that of a recent security issue discovered by MyCrypto founder Taylor Monahan, which allegedly led to the loss of 5,000 ETH from multiple user wallets.
Trust Wallet Promises Refunds
Trust wallet has accepted full responsibility for the vulnerability, and is willing to make things right by promising a refund to all affected users. To this end, it has created a reimbursement system to begin the process. Affected users are to watch out for notifications on their Trust Wallet browser extension.
This is a major step towards assuring users that the team genuinely cares about them is willing to make things right. Several vulnerability exploits have been reported recently, but none promised a refund to affected customers. With such a strategy, crypto users can be assured that no matter what, they could be compensated.
It may also be a major confidence booster for other people to join the crypto space as investors. The crypto space is already known as a dangerous place for investing, but such thoughts can be put to rest if all startups do what Trust Wallet did by taking an extra step to ensure victims are given a soft landing .