Trust Wallet, a cryptocurrency wallet owned by Binance, has announced that there is a WebAssembly vulnerability in its open source library, and that new wallet addresses created by the Browser Extension between 14-23 November 2022 contain this vulnerability.
The Trust Wallet team reported that they closed the vulnerability within 1 day after confirming the report of the person who discovered the vulnerability. The stolen $170,000 was returned.
"Those Who Open Trust Wallet Between 14-23 November Should Carry Their Funds"
New wallet addresses created by the browser plugin between 14-23 November 2022 contain this vulnerability. Trust Wallet quickly closed this gap and all addresses created after these dates are safe.
Trust Wallet also urged affected users to move the remaining ~88,000 USD balance on all vulnerable addresses as soon as possible.
Trust Wallet has advised users to take certain actions based on whether their wallet address is affected. Unaffected users are advised to continue using the latest versions of the Trust Wallet mobile app and Browser Extension that are safe and secure.
However, those affected will see a notification in the browser plugin and will need to immediately create a new wallet address and move their assets to that address, stopping the use of vulnerable addresses.
Trust Wallet also made recommendations for wallet developers using Wallet Core. If they used the Wallet Core library to develop browser plug-in wallets in 2022, they should make sure to implement the latest version of Wallet Core to prevent browser plug-in applications from being affected by this vulnerability.
*Not investment advice.