Overview:

In the rapidly expanding realm of digital assets, security is paramount. Trust Wallet, a popular cryptocurrency wallet, disclosed a significant security breach in an April 22 statement. The vulnerability, identified within the wallet’s implementation of WebAssembly (Wasm), resulted in losses of around $170,000 worth of various cryptocurrencies for its users.

The Genesis of the Breach

Interestingly, the vulnerability was not initially identified by Trust Wallet’s internal team but was brought to their attention through their bug bounty program. In this program, external security researchers probe the wallet’s systems for vulnerabilities, with rewards offered for any significant issues discovered.

A security researcher identified the WebAssembly vulnerability in Trust Wallet’s open-source library, Wallet Core, in November 2022. Specifically, new wallet addresses generated between November 14 and 23, 2022, were found to contain the vulnerability. Trust Wallet clarified that all addresses created before and after these dates were safe.

The breach culminated in two separate exploits, leading to a total loss of nearly $170,000. According to a postmortem report, approximately 500 vulnerable addresses remained, with a balance of around $88,000.

The Vulnerability and Exploitation

Vulnerability in WebAssembly (WASM) Affects New Wallets

A vulnerability in the WebAssembly (WASM) back-end module of the open-source Wallet Core repository was found in November 2022. It impacted newly created wallets in versions 0.0.172 and 0.0.182 of the Browser Extension, and it affected only the private keys of the limited number of new wallets generated in these specific versions. The vulnerability was promptly resolved on November 22, 2022. Consequently, all other versions of the Browser Extension, including the current one, can be used without any safety concerns. Imported wallets and mobile wallets remain unaffected by this issue.

Insufficient Randomness in MT19937 Pseudo-Random Number Generator

The affected version of WASM used MT19937, a Mersenne Twister pseudo-random number generator (PRNG) with a state size of 19937 bits, to generate mnemonics. The PRNG was initialized from a single 32-bit seed value, so despite its large internal state the WASM version could produce only around 4 billion (2^32) possible mnemonics. Furthermore, MT19937 is based on a linear recurrence and is not secure for cryptographic purposes: its subsequent outputs can be predicted from a sufficiently long sub-sequence of earlier outputs.
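The weakness described above, as an added C++ example (not code from Wallet Core or Trust Wallet): weak_entropy derives 128 bits of mnemonic entropy from a 32-bit-seeded std::mt19937, strong_entropy reads the same amount from the OS CSPRNG, and distinct_weak_outputs counts the outputs of a toy seed space to show that the keyspace is bounded by the seed, not by the output length. The function names, the 128-bit length and the use of /dev/urandom are assumptions made for the illustration.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <random>
#include <set>
#include <stdexcept>

// 128 bits: the entropy behind a 12-word BIP-39 mnemonic (size assumed for this example).
using Entropy = std::array<uint8_t, 16>;

// Weak pattern: the whole output is a deterministic function of one 32-bit seed.
Entropy weak_entropy(uint32_t seed) {
    std::mt19937 rng(seed);  // 19937-bit state, but expanded from only 32 bits
    Entropy out{};
    for (auto& b : out) b = static_cast<uint8_t>(rng() & 0xFF);
    return out;
}

// Hardened form: every byte comes from the OS CSPRNG (assumption: /dev/urandom exists).
Entropy strong_entropy() {
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    Entropy out{};
    if (!urandom.read(reinterpret_cast<char*>(out.data()),
                      static_cast<std::streamsize>(out.size())))
        throw std::runtime_error("OS CSPRNG unavailable; refusing to generate a key");
    return out;
}

// Count distinct 128-bit outputs over a toy seed space of seed_bits bits (keep it small).
// The result can never exceed 2^seed_bits, however long each output is.
std::size_t distinct_weak_outputs(unsigned seed_bits) {
    std::set<Entropy> seen;
    for (uint32_t s = 0; s < (1u << seed_bits); ++s) seen.insert(weak_entropy(s));
    return seen.size();
}

int main() {
    std::printf("same seed gives same entropy: %d\n", weak_entropy(42) == weak_entropy(42));
    std::printf("distinct outputs for a 12-bit seed: %zu\n", distinct_weak_outputs(12));
    std::printf("two CSPRNG draws are equal: %d\n", strong_entropy() == strong_entropy());
    return 0;
}
```

With a real 32-bit seed the same bound is 2^32, which is the "around 4 billion" figure in the text.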

Please note that this issue is not yet registered as a Common Vulnerabilities and Exposures (CVE). However, another team discovered a similar issue in the Intel Paillier Cryptosystem Library, which can be found here:
https://github.com/intel/pailliercryptolib/issues/2


Security Risks and Predictability of MT19937

The issue stems from the insufficient randomness provided by the MT19937 pseudo-random number generator. When this generator was used to generate private keys, a skilled individual (potentially a malicious actor) who observed enough iterations could predict future iterations. If this person knows that a particular wallet address was created using MT19937, they could gain access to the private key associated with a given public address using moderate to high computational power. Alternatively, a malicious actor could construct an extensive database containing all 2^32 possible outputs generated by MT19937 and, by employing reverse engineering techniques, match private keys to a large set of vulnerable addresses spanning various chains.

Identified Wallet Addresses with MT19937 Issue

During the impact analysis procedure, a few other wallet addresses (fewer than 100) were identified as having been created with the same MT19937 issue. It is worth noting that some of these wallets were established several years ago, and the majority of them were found to be inactive.

Trust Wallet’s Response and Mitigation

Prompt Fix and Addressing Vulnerability

The code responsible for the vulnerability was fixed within one day of verifying the bug bounty report. This ensured that any wallet addresses created after the fix were not affected by the vulnerability. However, the addresses that had been created between version 0.0.172 and version 0.0.182 remained vulnerable. The Trust Wallet development team was not able to eliminate the vulnerability for wallets created using these affected versions without the involvement of the owners of the affected addresses. To mitigate the vulnerability, users must transfer their assets from the affected wallet addresses to new, unaffected ones. It is important to note that this action should be taken by the owners of the wallet addresses themselves. Under these circumstances, every possible measure was taken to inform users and provide assistance in mitigating the risk of potential attacks.

Trust Wallet’s Diligent Security Measures

The Trust Wallet team has been diligently working to ensure the security of users’ assets on the affected wallet addresses. To reach as many affected users as possible, various communication channels were utilized to notify them and encourage the transfer of assets from the affected wallet addresses. A multi-channel notification strategy was implemented, including in-app warnings and mobile push notifications, appearing every minute.

In-App Warnings and Push Notifications for Affected Users

Users of the affected wallets would have received a warning message on their Browser Extension, providing clear instructions on how to transfer their assets to a non-custodial wallet or a centralized exchange. To assure users that the warning banner was legitimate, a Trust Wallet security overview blog post was published on December 7, 2022, illustrating the “Extension warning banner” as the official message from Trust Wallet.

Collaboration with Binance to Notify Affected Users

Furthermore, upon discovering from public on-chain data that the funding for the affected wallet addresses originated from Binance, Trust Wallet contacted Binance to assist in notifying the users while respecting their privacy. It is crucial to emphasize that the protection of users’ privacy was taken seriously, and no personally identifiable information was shared between Binance and Trust Wallet. Binance’s customer support team played a valuable role in contacting those affected users it was able to reach.

Careful Consideration of Disclosure and Confidential Communication

Consideration was given to disclosing the vulnerability once all feasible fixes had been implemented. However, after careful evaluation, it was determined that an early public disclosure might have exposed the majority of affected users’ funds to an immediate and highly probable hacking risk. The primary objective was to help users safeguard their assets and prevent potential losses. Therefore, confidential one-on-one communication with users was deemed essential to enable them to take necessary actions while maintaining sole ownership of their assets.

Support and Reimbursement for Affected Customers

Trust Wallet’s response to the breach didn’t stop at the technical level. Acknowledging the financial losses suffered by its users, Trust Wallet announced a compensation plan. The wallet committed to reimbursing users who had lost their assets in the breach. In addition to refunding the lost amounts, Trust Wallet also offered to cover the gas fees associated with fund transfers, demonstrating a comprehensive approach towards rectifying the situation.

Trust Wallet also provided assistance to customers affected by the vulnerability by offering customer support and reimbursing them for their gas fees. To date, approximately 23.6 BNB in gas fees have been reimbursed to multiple users who transferred their assets to a secure location.

Successful Transfer of the Majority of Assets to Safe Locations

Through extensive notification efforts over the past five months, the majority of assets in the affected wallet addresses have been successfully moved to safe locations by the users.

Increased Operational Cost and Patching of the Vulnerability

While there is still some level of risk in disclosing this information at this time, the majority of funds have been transferred and secured by users in recent months. As a result, the operational cost for a malicious actor to exploit the vulnerability has increased relative to the potential gains from the remaining affected wallets. Currently, these wallets hold approximately $88,300 USD across around 500 affected wallets with a balance higher than $10 USD worth of tokens. Furthermore, the vulnerability has been explicitly identified and patched.

Moving Forward

In the aftermath of the breach, Trust Wallet made significant efforts to improve their overall security measures. They initiated more rigorous security audits of their codebase, with a particular focus on sections dealing with sensitive data. Additionally, they employed static and dynamic analysis tools to identify potential vulnerabilities proactively.

While the WasmGate event was a stark reminder of the importance of cybersecurity in the digital asset space, Trust Wallet’s response has reassured users of their commitment to maintaining a secure environment for their assets. The platform has since bounced back, and continues to be a favored choice among cryptocurrency users.

Wrapping Up

The WasmGate incident was indeed a setback for Trust Wallet, both in terms of user trust and financial losses. However, their prompt and comprehensive response—covering both technical and financial aspects—demonstrates their commitment to their users. Their proactive approach to improving their security infrastructure, combined with their decision to compensate users, has helped to restore faith in their platform.

The incident serves as a timely reminder for all digital platforms of the importance of robust cybersecurity measures. As the digital asset space continues to grow, so too will the threats, making the need for effective security practices more critical than ever. Trust Wallet’s journey through the WasmGate incident provides a useful case study for other platforms in how to respond effectively to such challenges.