•Trust Wallet, a crypto wallet provider reported a security vulnerability leading to the loss of $170,000 worth of user funds.
•The security risk was discovered back in November 2022 via the bug bounty program and has now been neutralized.
•Trust Wallet is reimbursing victims who qualify through their verification process.
Security Vulnerability Reported by Trust Wallet
Crypto Wallet provider Trust Wallet has reported a security vulnerability that led to the loss of $170,000 of user funds. According to a thread from their official Twitter handle, Trust Wallet states that an anonymous security researcher reported the security risk back in November 2022 through the company’s bug bounty program.
Vulnerability Neutralized
Based on this security report, Trust Wallet was informed of a WebAssembly vulnerability in their open-source library Wallet Core. Although the security risk has now been neutralized, Trust Wallet reports it did lead to two exploits that resulted in customers losing about $170,000.
Affected Users
Users who experienced any abnormal fund movement in late December 2022 and late March 2023 may be considered victims of the security vulnerability. However, Trust Wallet assures everyone that users of its mobile app or users who only imported wallet addresses into the browser extension were totally protected from this breach. Meanwhile, the wallet service company has urged owners of all remaining vulnerable addresses (500) to move their assets – valued at nearly $88,000 – to new wallet addresses.
Reimbursement Plan for Affected Customers
While informing the public of this security vulnerability, Trust Wallet provided some reprieve for the affected customers. According to their statement, the company has created a reimbursement plan aimed at paying off all victims of the exploits. However, customers will be required to pass the claim form verification process of ownership among other things in order to qualify for this program.
No Association with 5k ETH Drain
Trust Wallet already stated they have a full list of all affected customers which have received personal notifications from them and maintain that asset drain had no association with 5K ETH draining incident which occurred some days ago