Attackers used a vulnerability in the Trust Wallet crypto wallet browser extension to steal $170,000 from the service’s customers. message about it published Crypto wallet developers who have promised to pay damages.
A vulnerability was discovered last November in the Wallet Core library’s WebAssembly module, which is used by the Trust Wallet browser extension. Despite the fact that the developers were able to quickly fix the vulnerability, they also identified two exploits that were used by attackers to steal funds. The analysis showed that the issue affects wallets created between November 14 and November 23, 2022 using the Trust Wallet extension.
“Despite our best efforts, we discovered two potential exploits that resulted in a loss of $170,000 at the time of the attack. As part of our commitment to transparency and user protection, we want to reassure our customers that we will refund the appropriate hacking losses due to the vulnerability and have already initiated a refund process for users affected by the issue.”— said in a message from the developers of Trust Wallet.
Wallet users imported from the mobile app are not affected. The message from the developers states that they are aware of the list of affected wallets and their owners have already received the relevant notifications and they will be refunded soon.