More than 4 billion Trust Wallet cryptocurrency wallets are at risk — they can be hacked in minutes

It turned out that more than 4 billion Trust Wallet cryptocurrency wallets are at risk. According to Anton Bukov, co-founder of the 1inch platform, all Trust Wallet wallets can be hacked in just a few minutes.

«All 4 billion existing Trust Wallet wallets can be hacked in a few minutes using a regular laptop,» Bukov said.

All the 4 billions of possible wallets can be brutforced within a few minutes on average laptop. https://t.co/xnUJXL6ptY

— Anton Bukov (e/acc)🦇🔊 (@k06a) April 23, 2023

This conclusion was reached by 1inch specialists after analyzing the Trust Wallet extension. According to the developers, the critical problem lies in the use of a pseudo-random number generator (PRNG).

The Mersenne Twister solution (MT19937) uses a generator to create private keys. However, PRNG is not random, so attackers can crack private keys by understanding how the generator works.

And here, Kaspersky decided that instead of picking a random password, they should bias the password to be non-random and thus “less likely to be on a cracker list”. 🤦🏻‍♂️ pic.twitter.com/hMtW9kNaHg

— Matthew Green (@matthew_d_green) July 6, 2021

As a reminder, on April 22, Trust Wallet developers reported that software users lost $ 170 thousand. The vulnerability affected wallets created in the browser extension between November 14 and 23, 2022. An anonymous security analyst reported the vulnerability back in November, telling about a bug on the rewards website (bounty program).

Trust Wallet representatives assured that they would compensate their users. The company also warned that the «vulnerable» addresses still contain about $ 88 thousand. The team urged users to immediately withdraw digital funds from the compromised storages.