Fri. Oct 13th, 2023

Users Lose $170,000 Due to Trust Wallet’s Security Flaw

ByEsme Greene

May 17, 2023

Users Lose $170,000 Due to Trust Wallet's Security Flaw

Author
Recent Posts

<img alt='Esme Greene' src='https://deeplab.com/wp-content/uploads/2023/07/cropped-imgonline-com-ua-Black-White-M7vjmC4VhrYjj-250x250.jpg' srcset='https://deeplab.com/wp-content/uploads/2023/07/cropped-imgonline-com-ua-Black-White-M7vjmC4VhrYjj-500x500.jpg 2x' class='avatar avatar-250 photo' height='250' width='250' loading='lazy' decoding='async'/>

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.

<img alt='Esme Greene' src='https://deeplab.com/wp-content/uploads/2023/07/cropped-imgonline-com-ua-Black-White-M7vjmC4VhrYjj-250x250.jpg' srcset='https://deeplab.com/wp-content/uploads/2023/07/cropped-imgonline-com-ua-Black-White-M7vjmC4VhrYjj-500x500.jpg 2x' class='avatar avatar-250 photo' height='250' width='250' loading='lazy' decoding='async'/>

Latest posts by Esme Greene (see all)

“Ducktail” Hackers Target Facebook - September 28, 2023
Okta Breach: Super Admin Hack - September 24, 2023
Rackspace: $10.8M Cloud Shift - September 23, 2023

The WebAssembly module (WASM) of the browser extension included a security flaw that led to a loss of $170,000.

Based on the report provided by Trust Wallet’s developers, wallet users lost $170 000 due to a vulnerability in the WebAssembly module (WASM) of the browser extension.

The WASM generated pseudo-random secret keys using an incorrectly set up MT19937 random number generator. Hackers twice took advantage of the flaw, provoking a loss of around $170,000. The Trust Wallet team claimed in an announcement dated April 22nd that the issue only applied to browser wallets established between November 14th and November 23rd, 2022. Mobile wallets were unaffected, including those integrated into the browser extension.

Developers of Trust Wallet postponed releasing all relevant information about the compromise in order to fend off immediate attempts and lower the probability of future leaks. Additionally, they stated that the vulnerability had nothing to do with the one that MyCrypto creator Taylor Monahan previously talked about – he claimed that roughly 5,000 ETH had been taken from customers’ wallets.

Trust Wallet Offers Compensation to Victims

The project team promised to reimburse the affected users for their lost funds. The owners of hacked wallets will be notified via browser extensions with the help of the return system Trust Wallet has previously developed. For 60 days, or until June 22nd, the refund application will be accessible. The confirmation of it and the restitution of stolen property could take up to two weeks.

Additionally, according to the developers, users were instructed to withdraw money right once because the vulnerable addresses still had around $88,000 in them.

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.

Related Post

“Ducktail” Hackers Target Facebook

Sep 28, 2023 Esme Greene

Okta Breach: Super Admin Hack

Sep 24, 2023 Esme Greene

Rackspace: $10.8M Cloud Shift

Sep 23, 2023 Esme Greene