Cyber Incident Victim: Trust Wallet

On November 14, 2022, a security vulnerability began affecting Trust Wallet users who generated new wallet addresses through the platform. The flaw, present in one of Trust Wallet’s open-source libraries, remained undetected until a bounty hunter identified and reported it. Between November 14 and November 23, 2022, attackers exploited this vulnerability to compromise user funds, resulting in losses totaling nearly $170,000. The incident specifically impacted wallets created during this nine-day window, indicating a limited but targeted exploitation period. Trust Wallet confirmed the vulnerability’s existence and its connection to the open-source library component but did not disclose technical specifics of the exploit mechanism.

Trust Wallet publicly addressed the incident on April 22, 2023, announcing it had patched the vulnerability and secured "most at-risk funds" to prevent further theft. The company committed to reimbursing all verified customer losses stemming from the exploit. No additional compromises were reported after the patch deployment. The response highlighted the role of external security researchers in identifying critical flaws, though Trust Wallet did not reveal the bounty hunter’s identity or the terms of their disclosure. The financial impact was confined to the specified November 2022 timeframe, with no evidence suggesting broader system infiltration or collateral damage to wallets created outside the affected dates. Reimbursement processes were initiated for verified claims, concluding the direct remediation efforts.