Trust Wallet: There was a vulnerability in the addresses for creating new wallets from November 14 to 23 last year, and a compensation process has been established for affected users
ChainCatcher news, cryptocurrency wallet Trust Wallet released "WASM Vulnerability, Incident Update and Recommended Actions." The announcement states that in November 2022, a security researcher reported a WebAssembly (WASM) vulnerability in the Trust Wallet open-source library Wallet Core through the bug bounty program. The Trust Wallet Browser Extension uses WASM in Wallet Core, and new wallet addresses generated by the Browser Extension between November 14 and 23, 2022, contained this vulnerability. Trust Wallet quickly patched the vulnerability, and all addresses created after these dates are secure.However, Trust Wallet still detected two potential vulnerabilities, which resulted in a total loss of approximately $170,000 during the attacks. In response, Trust Wallet will compensate eligible losses caused by the hacking due to the vulnerabilities and has created a compensation process for affected users. Additionally, Trust Wallet urges affected users to transfer the remaining balance of approximately $88,000 from all vulnerable addresses as soon as possible.Users who only use the Trust Wallet mobile app, only imported wallet addresses into the browser extension, and created a new wallet using the browser extension only between November 14, 2023, and November 23, 2022, are not affected by this vulnerability. If users receive a warning notification in the TW Browser Extension, they may be at risk. Users who experienced unusual fund flows in late December 2022 and late March 2023 may be among the few victims of these two vulnerabilities. (source link)