$170,000 was lost as a result of a WebAssembly (WASM) vulnerability, according to Trust Wallet.
The crypto wallet service said in a statement on April 22 that the issue affects wallets created by its browser extension between November 14 and September 23, 2022. The vulnerability was disclosed in November 2022 via the Trust Wallet bug bounty program by an unidentified security researcher.
The company said it delayed this announcement in order to fend off imminent threats and minimize security holes. Despite the delay, the weakness was exploited twice, resulting in a loss of almost $170,000.
However, neither users of the Trust Wallet mobile app nor those who imported their wallets into the browser extension are impacted by this issue. Additionally, it doesn’t apply to those who used the extension to generate new wallet addresses before November 14 or after November 23, 2022.
Trust Wallet later clarified that the vulnerability was unrelated to the one mentioned by Taylor Monahan, founder of MyCrypto. According to Monahan, recent wallet thefts from various users totaled roughly 5000 ETH.
The Binance-backed wallet promised to reimburse affected users for any funds that had been taken. The company said it had developed a reimbursement process that would send alerts to these users via their browser extensions.
Trust Wallet further cautioned that roughly $88,000 still remained in certain vulnerable addresses. The team instructed users with these addresses to move their funds immediately.
Following the incident, Trust Wallet said it had made its auditing of security procedures and coverage five times more thorough over the previous three months.
Cryptocurrency exploits have picked up recently after a slow start to the year, beginning with a breach of Euler Finance in March.
During the first two weeks of April, DeFi protocols such as Allbridge, Sentiment, Hundred Finance, and Yearn Finance were exploited. DefiLlama data shows that these attacks caused losses of more than $20 million.
According to a recent article in Wired, several cryptocurrency firms were targeted and exploited by North Korean-backed hackers using a software supply-chain attack. According to the investigation, these hackers were hiding malicious software in the installer of the VoIP program 3CX.