Trust Wallet, a popular cryptocurrency wallet, announced that it has fixed a vulnerability issue that had been identified by a security export at the end of last year. The issue affected new addresses created between November 14 and 23, 2022 using the Browser Extension.
The company has urged affected users to take immediate action to secure their funds.
In a Twitter thread, Trust Wallet stated that the issue has been fixed, and most of the at-risk funds have been secured. However, there is still approximately $88,000 of the total balance left on affected addresses, and the company has urged affected users to move their funds as soon as possible.
Is my Trust Wallet vulnerable?
According to Trust Wallet, users are not affected by this vulnerability if:
- They only use the Trust Wallet mobile app.
- They only imported wallet addresses created somewhere else into the Browser Extension.
- They only used the Browser Extension to create a new wallet before November 14, 2022, or after November 23, 2022.
For affected users who created the wallet address in the Browser Extension between November 14 and 23, 2022, Trust Wallet has provided important instructions on how to secure their funds. The company has also advised affected users to avoid using addresses provided by others. The company noted that impacted users will be notified via a message on the browser extension.
https://trustwallet.com/claims
Trust Wallet has been transparent about the situation, stating that it delayed the disclosure to prevent immediate attacks and reduce potential breaches, thus safeguarding assets. The company has also aggressively pushed 1-1 notifications to affected addresses for the past months, resulting in significant fund transfers to secure addresses in strong momentum until recently.
Despite Trust Wallet’s best efforts to minimize loss, the company has identified two likely exploits with a total loss of $170,000. To make things right for affected users, Trust Wallet has created a reimbursement process to make them whole.