Trust Wallet has successfully fixed a vulnerability on its app, but warns that $88,000 worth of user funds are still at risk. The popular mobile wallet for cryptocurrency has urged its users to upgrade their app to the latest version, which contains the patches and fixes for the vulnerability. However, those who have not yet updated their app could still be vulnerable to attacks. Trust Wallet advises users to remain vigilant and take measures to protect their funds, such as using a strong password and enabling two-factor authentication.
Trust Wallet, a popular crypto wallet that is backed by Binance, recently announced that it had fixed a vulnerability that had exposed users’ funds to security risks. Although the team took a few days to patch the vulnerability and release the necessary fix, it didn’t publicly acknowledge the issue for months, and it still advises affected users to move their funds to a new wallet address to protect themselves.
According to Trust Wallet, the vulnerability only affects users who created a digital wallet using the project’s browser extension between November 13th and 23rd, 2022. The fix only benefits browser wallets created after November 23rd.
The Binance-backed wallet project says it had initially been alerted to the problem by a security researcher who flagged an issue in its open-source library that exposed private keys to a security risk. Although most of the users’ vulnerable funds have been secured, Trust Wallet says that $88,300 of funds are still exposed. Trust Wallet acknowledges that a few users had fallen victim to the vulnerability, pledging on Twitter to offer them a refund.
Once the vulnerability had been fixed, preventing new wallets from being impacted, the team debated whether to disclose the vulnerability publicly. The project concluded that its primary objective was to help users preserve as much of their assets as possible and prevent potential losses. It believed that confidential, one-on-one communication would enable users to take the necessary actions without giving up sole ownership of their assets.
Trust Wallet reached out to impacted users through multiple rounds of mobile push notifications and in-app warnings that appeared every minute. The messages were accompanied by clear instructions on how users could transfer their assets, it said. Trust Wallet also offered users customer support and offered to reimburse gas fees for users transferring their funds to uncompromised wallets. In total, Trust Wallet reimbursed around 23.6 BNB of gas fees, or around $7,700.
Furthermore, Trust Wallet reached out to Binance and secured the exchange’s help in reaching out to users who had funds that could be traced back to the exchange. The project emphasized that it did not share personally identifiable information with the exchange. The project thanked Binance’s security team for “triaging the issue, conducting risk assessments, escalating the matter, conducting impact analysis, and communicating with the security researcher.”
Trust Wallet said it had prepared a public statement regarding the vulnerability last November, but decided to wait, weighing the value of informing the public against the possibility of highlighting a security hole that could still be exploited. The date of the public warning would ultimately be pushed back from November to April. Trust Wallet considered that once the disclosure was made, a bad actor could exploit the remaining wallets and take ownership of the remaining funds. Therefore, it gave affected users more time to secure their funds instead of making a premature disclosure.
In conclusion, Trust Wallet identified a vulnerability in its system and took steps to mitigate it by informing affected users and offering to reimburse them. While it didn’t immediately disclose the vulnerability publicly, it did prioritize reaching out to users and helping them secure their funds before making a public announcement. Trust Wallet’s response to the vulnerability sets a standard for other wallets and crypto platforms to follow to ensure users’ safety and security.