Trust Wallet, a cryptocurrency wallet owned by Binance, recently disclosed a WebAssembly vulnerability in an open-source library that affected new wallet addresses generated between November 14 and 23, 2022, by its Browser Extension. The company fixed the vulnerability within one day of verifying the bug bounty report.
According to Trust Wallet, the vulnerability was due to a bug in the WebAssembly module that generated public keys for new wallet addresses. The vulnerability could have allowed an attacker to generate a private key for a wallet address that did not belong to them. This means that attackers could potentially gain access to wallets and steal funds.
Trust Wallet stated that it was not aware of any instances where attackers exploited the vulnerability. However, as a precautionary measure, Trust Wallet urged all users who generated new wallet addresses using the Browser Extension during the affected period to transfer their funds to a new wallet address.
In addition, Trust Wallet announced that it would reimburse users who lost funds due to this vulnerability. The company reimbursed approximately $170,000 USD worth of cryptocurrency to affected users.
This incident highlights the importance of open-source libraries and the need for rigorous security measures in cryptocurrency wallets. Trust Wallet’s prompt response to the vulnerability and quick fix of the issue are commendable, as is their commitment to reimbursing affected users.
Trust Wallet also stated that it will continue to invest in security measures to prevent similar vulnerabilities in the future. It is encouraging to see companies take security seriously and prioritize the safety of their users’ funds.
Cryptocurrency users should remain vigilant and take necessary precautions to protect their funds, such as using strong passwords and enabling two-factor authentication. It is important to stay informed about potential vulnerabilities and updates to software and to always use trusted and secure platforms for storing and trading cryptocurrencies.