In November, when FTX went bankrupt, Binance CEO CZ’s hot wallet solution Trust Wallet (TWT) was revealed to contain serious security vulnerabilities!
Security vulnerabilities detected in Binance-backed Trust Wallet!
What happened: Binance announced in June of last year that it has partnered with Trust Wallet. The integration between Binance Connect and Trust Wallet was intended for users to seamlessly access their Web3 assets.
Binance CEO CZ touted the hot wallet solution backed by its exchange as a “trusted decentralized storage vehicle” back in November when FTX went bankrupt. cryptocoin.com As we reported, the TWT price gained triple digits, accompanied by CZ’s tweets. The newly discovered vulnerability, which the Trust Wallet team has officially confirmed, raises the issue of ‘trust’ again.
We are not just a CEX. We offer choices.
Store crypto yourself? Read this article I wrote from 2 years ago. The 15 minutes read will save you money and headache later. @TrustWallet
Read the same article if you use a CEX, too. @binancehttps://t.co/Kp6VeKirgZ
— CZ 🔶 Binance (@cz_binance) November 13, 2022
Trust Wallet team approves security disclosures
Trust Wallet team reported that security vulnerabilities were detected on Twitter and a new version was released in the past hours. According to official statements, only new addresses created using the Browser Extension between 14-23 November 2023 are in danger.
1/10 Trust Wallet is built on security & trust. So we're sharing a vulnerability affecting new addresses created Nov 14-23,22 using the Browser Extension.
The issue is fixed. Most at-risk funds are secured. Affected users should take actions outlined:
➡️https://t.co/X9AEfqWW87— Trust Wallet (@TrustWallet) April 22, 2023
For your security, you can follow the instructions approved by the Trust Wallet team.
Who was affected?
If your wallet addresses are vulnerable, you will see a notification in the Browser Extension. Please open your TW Browser Extension and see if you get such a warning notification.
Who was not affected?
You are not vulnerable to this vulnerability if your wallet addresses are in the following scenarios:
- Only if you use the Trust Wallet mobile apps.
- If you have only imported wallet addresses into the Browser Extension.
- If you only used the Browser Extension to create a new wallet before 14 November 2023 or after 23 November 2022.
What should I do now?
- If you do not see the warning notification, it is safe to use your wallet addresses and this vulnerability does not affect you.
- If you see the notification, you should create a new wallet address and move your assets immediately and stop using vulnerable addresses. Please refrain from using wallet addresses that you did not create yourself to avoid being used by scammers.
- For users who saw abnormal funds movement in late December 2022 and late March 2023, you may be one of the few victims suffering from the two exploits. Please read the refund process carefully to understand the next steps. 25. We do our best to verify ownership of the affected addresses and will refund the funds to each victim. We have a complete list of all affected wallets.
$170,000 stolen from Trust Wallet vulnerability!
In November 2022, a security researcher reported a WebAssembly (WASM) vulnerability in the open source library Wallet Core through Trust Wallet’s bug bounty program. The Trust Wallet Browser Extension uses WASM in Wallet Core, and new addresses created by the Browser Extension between 14-23 November 2022 contain this vulnerability.
According to the announcement, the vulnerability was quickly fixed and all addresses created after these dates are reported to be safe. The attack resulted in a total loss of approximately $170,000. “Affected users are requested to move the remaining ~$88,000 balance to all vulnerable addresses as soon as possible.”
How has TWT price reacted?
TWT, which is ranked 87th by market value, has not yet given a big reaction to the hack news. At the time of writing, it is trading at $1.21, down 1.5% on the day.
