Trust Wallet team fixes vulnerability in the wallet’s core codebase

The Trust Wallet developers have fixed a vulnerability in the core software library of the non-custodial wallet. The issue affected addresses created via the browser extension between 14 and 23 November 2022.

1/10 Trust Wallet is built on security & trust. So we’re sharing a vulnerability affecting new addresses created Nov 14-23,22 using the Browser Extension.

The issue is fixed. Most at-risk funds are secured. Affected users should take actions outlined:
➡️https://t.co/X9AEfqWW87

— Trust Wallet (@TrustWallet) April 22, 2023

«The issue has been resolved. Most at-risk funds are secured», the statement said.

The company stressed that the vulnerability did not affect users who relied solely on the mobile Trust Wallet app or who had imported wallets from services run by other providers.

«The latest versions of the Trust Wallet mobile app and the browser extension remain safe and reliable to use», the developers wrote.

According to the record in the community blog, the vulnerability was linked to the WebAssembly backend module. WebAssembly is a binary format that enables multiple programming languages to be used to build applications. In Trust Wallet it is used to simplify wallet generation via the browser extension.

The team stressed that the vulnerability was not linked to wallet exploits that were described by MetaMask founder Taylor Monahan on April 18.

For the past 48hrs I’ve been unwinding a massive wallet draining operation ??

I don’t know how big it is but since Dec 2022 it’s drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.

Its rekt my friends & OGs who are reasonably secure.

No one knows how. pic.twitter.com/MafntG7RkP

— Tay ? (@tayvano_) April 18, 2023

According to the developers, they also found two relevant exploits totaling $170,000. On the affected addresses, assets worth about $88,000 remain. Their owners were advised to withdraw the tokens.

Trust Wallet said it would reimburse affected users for their lost funds.

In April, Ethermint protocol developers from the Cosmos ecosystem said had fixed a vulnerability worth tens of millions of dollars.