Crypto wallet Trust Wallet has disclosed a security vulnerability that resulted in nearly $170,000 in losses for some users. The vulnerability has been patched, according to the company. Trust Wallet found out about the issue through its bug bounty program. A security researcher reported a WebAssembly vulnerability in the open-source library Wallet Core in November 2022. New wallet addresses generated “between November 14 and 23, 2022 by Browser Extension contain this vulnerability,” the company said in a statement, adding that all addresses created before and after those dates are safe. The breach resulted in two exploits that led to a total loss of nearly $170,000. Approximately 500 vulnerable addresses remain, with an $88,000 balance, according to a postmortem report. Affected users will be offered a refund and gas fee assistance to cover the costs of fund transfers. According to Trust Wallet: “We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible.”

Full report : Trust Wallet to reimburse users after $170,000 security incident.