The WebAssembly module (WASM) of the browser extension included a security flaw that led to a loss of $170,000.
Based on the report provided by Trust Wallet’s developers, wallet users lost $170 000 due to a vulnerability in the WebAssembly module (WASM) of the browser extension.
The WASM generated pseudo-random secret keys using an incorrectly set up MT19937 random number generator. Hackers twice took advantage of the flaw, provoking a loss of around $170,000. The Trust Wallet team claimed in an announcement dated April 22nd that the issue only applied to browser wallets established between November 14th and November 23rd, 2022. Mobile wallets were unaffected, including those integrated into the browser extension.
Developers of Trust Wallet postponed releasing all relevant information about the compromise in order to fend off immediate attempts and lower the probability of future leaks. Additionally, they stated that the vulnerability had nothing to do with the one that MyCrypto creator Taylor Monahan previously talked about – he claimed that roughly 5,000 ETH had been taken from customers’ wallets.
Trust Wallet Offers Compensation to Victims
The project team promised to reimburse the affected users for their lost funds. The owners of hacked wallets will be notified via browser extensions with the help of the return system Trust Wallet has previously developed. For 60 days, or until June 22nd, the refund application will be accessible. The confirmation of it and the restitution of stolen property could take up to two weeks.
Additionally, according to the developers, users were instructed to withdraw money right once because the vulnerable addresses still had around $88,000 in them.