Trust Wallet, a crypto wallet project backed by cryptocurrency exchange Binance has recently fixed a vulnerability in its browser extension that impacted users who created a digital wallet using the Trust Wallet browser extension between November 13th and November 23rd of last year. Although the bug was previously addressed, Trust Wallet did not publicly acknowledge the issue until recently, noting that affected users need to move their funds to a new wallet address to be completely free from the vulnerability.

Trust Wallet was alerted of the security bug by a security researcher last fall, an issue that made user’s private keys exposed. The bug has since been fixed, though in their announcement the Trust Wallet team said that around $88,000 of funds remain exposed and vulnerable. As a result, the project has pledged a reimbursement process for those that have fallen victim to the bug, with a total loss of $170K being identified. As part of the bug refund process, Trust Wallet is providing affected users customer support and offering to reimburse gas fees for users shifting their funds to uncompromised wallets. For example, the project has reimbursed around 23.6 BNB of gas fees, which total out to around $7,700.

In order to give users time to safely migrate their assets and protect their funds from potential attacks, the Trust Wallet team said it initially debated on whether to disclose the vulnerability publicly or not. They chose to do one-on-one communication with the affected users to allow for users to move their assets without giving up sole ownership. The Trust Wallet project got help from Binance's security team in triaging the issue, conducting risk assessments, escalating the matter, conducting impact analysis and communicating with the security research. The two companies agreed that personal information would not be shared. In the end, Trust Wallet decided to hold off on the public warning until February, giving additional time to allow impacted users to secure their funds.



Other News from Today