Subscribe to our Telegram channel
More than 4 billion Trust Wallet cryptocurrency wallets are at risk — they can be hacked in minutes
It turned out that more than 4 billion Trust Wallet cryptocurrency wallets are at risk. According to Anton Bukov, co-founder of the 1inch platform, all Trust Wallet wallets can be hacked in just a few minutes.
«All 4 billion existing Trust Wallet wallets can be hacked in a few minutes using a regular laptop,» Bukov said.
All the 4 billions of possible wallets can be brutforced within a few minutes on average laptop. https://t.co/xnUJXL6ptY
— Anton Bukov (e/acc)🦇🔊 (@k06a) April 23, 2023
This conclusion was reached by 1inch specialists after analyzing the Trust Wallet extension. According to the developers, the critical problem lies in the use of a pseudo-random number generator (PRNG).
The Mersenne Twister solution (MT19937) uses a generator to create private keys. However, PRNG is not random, so attackers can crack private keys by understanding how the generator works.
And here, Kaspersky decided that instead of picking a random password, they should bias the password to be non-random and thus “less likely to be on a cracker list”. 🤦🏻♂️ pic.twitter.com/hMtW9kNaHg
— Matthew Green (@matthew_d_green) July 6, 2021
As a reminder, on April 22, Trust Wallet developers reported that software users lost $ 170 thousand. The vulnerability affected wallets created in the browser extension between November 14 and 23, 2022. An anonymous security analyst reported the vulnerability back in November, telling about a bug on the rewards website (bounty program).
Trust Wallet representatives assured that they would compensate their users. The company also warned that the «vulnerable» addresses still contain about $ 88 thousand. The team urged users to immediately withdraw digital funds from the compromised storages.