Thousands Of Dollars Worth Of Trust Wallet User Funds Still At Risk Despite Fixed Vulnerability

Trust Wallet, the Binance-backed cryptocurrency wallet that allows businesses to buy, exchange, store and collect crypto and Non-Fungible Tokens (NFTs), announced that despite fixing the previous vulnerability, thousands of dollars worth of its users' funds are still at risk.

In an announcement shared on Twitter over the weekend, Trust Wallet said that the vulnerability that cost approximately $170,000 from the identified exploits is "fixed" and "most at-risk funds are secured."

However, the crypto wallet also admitted that while "the majority of funds at risk have been secured by users," there is around "$88k total balance left on affected addresses," underlining that these funds are still vulnerable.

To prevent this from being exploited, Trust Wallet encouraged users to move their funds "as soon as possible" and to avoid using addresses that came from other people.

"And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible," Trust Wallet said in a new blog.

The WebAssembly (WASM) vulnerability was spotted by a security researcher in Trust Wallet's open-source library, Wallet Core, through its bug bounty program in November last year.

The attack impacted wallet addresses generated by Browser Extension between Nov. 14 and 23, 2022. Trust Wallet said that it "quickly patched the vulnerability, and all addresses created after those dates are safe."

But since users collectively lost around $170,000, the Binance-backed crypto wallet assured its users of reimbursements of these eligible losses with a reimbursement process already in place.

"As a commitment to transparency and user protection, we want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users," Trust Wallet said in the blog.

For users still not sure if they are affected by the vulnerability, Trust Wallet said they should have received "a notification in the Browser Extension." It told users to "please open your TW Browser Extension and see whether you received such warning notification."

The crypto wallet also noted that victims noticing "abnormal fund movement" between "late December 2022 and late March 2023" could be victims of the two exploits.

The company advised that users should "carefully read the reimbursement process to understand the next steps," noting that "this is our best effort to verify ownership of the affected addresses and we will reimburse funds to each victim. We have an exact list of all affected wallets."