Why Trust Wallet’s Browser Extension Is No Longer Safe: An Overview

04/22/2023 09:49 • Metaverse Matters • 81 views

On April 22nd, the founder of Slow Fog, Yu Xian, quoted Trust Wallet’s announcement on social media stating that if users use the Trust Wallet browser extension and create a wallet between November 14-23, 2022, the wallet will be at risk. The fundamental reason is that the MT19937 pseudo-random number generator used by the TrustWallet browser extension at that time did not provide sufficient randomness, resulting in the private key being cracked.

Founder of Slow Fog: There are risks in using TrustWallet browser extensions to create wallets from November 14-23 last year

In November 2022, users of Trust Wallet’s browser extension were alerted that their wallets may be at risk due to the use of an outdated pseudo-random number generator. In this article, we delve into the details of the vulnerability and how it puts users at risk.

The Background: Slow Fog Founder’s Warning

On April 22nd, the founder of Slow Fog, Yu Xian, quoted Trust Wallet’s announcement on social media, stating that wallets created with the Trust Wallet browser extension during the period of November 14-23, 2022, were at risk. The warning was grim, and the community started asking questions. What was the nature of the vulnerability? How did this happen? Are other wallets affected?

TrustWallet and the MT19937 Pseudo-Random Number Generator

The root cause of the vulnerability lies in the MT19937 pseudo-random number generator used by Trust Wallet’s browser extension at that time. A pseudo-random number generator is a mathematical algorithm that generates a sequence of numbers that appear random but are actually predetermined by the algorithm’s internal state.
The MT19937 algorithm was developed in the 1990s and has been widely used in various applications. However, it is not cryptographically secure and should not be used to generate private keys that are used to secure cryptocurrency wallets. When Trust Wallet’s browser extension used MT19937 to generate private keys, the lack of entropy in the algorithm’s implementation provided an opportunity for attackers to guess the private key and access the wallet.

The Implication: The Risk of Using Trust Wallet Browser Extension

The consequence of using the Trust Wallet browser extension during the vulnerable period is that wallets created with it are vulnerable to a brute-force attack. A hacker who knows the address of a wallet and has the public key can guess the private key using the algorithm’s weaknesses. Once the private key is obtained, the funds in the wallet can be transferred out by the attacker, and the owner will have no recourse.

Mitigation: Upgrade to a Secure Wallet

The recommended mitigation for this vulnerability is to transfer any funds stored in a wallet created with Trust Wallet’s browser extension during the vulnerable period to a wallet that uses a cryptographically secure pseudo-random number generator.
Several wallets, such as MetaMask or Ledger, use a cryptographically secure random number generator and have not been affected by this vulnerability. By transferring funds to a secure wallet, users can ensure that their funds are no longer at risk.

Lessons Learned: The Importance of Security

The vulnerability in Trust Wallet’s browser extension highlights the importance of security in the cryptocurrency space. Wallets are the guardians of our digital assets, and any weakness or vulnerability can result in significant financial loss. It is crucial to choose a wallet that follows best security practices and to keep up-to-date with any news or warnings related to wallet security.

Conclusion

Trust Wallet’s browser extension vulnerability was a wake-up call for the cryptocurrency community. By understanding the cause of the vulnerability, its implications, and the recommended mitigation measures, users can take steps to secure their funds and prevent financial loss.

FAQs

Q1: Can Trust Wallet Browser Extension Be Used Safely Now?

No. If you used Trust Wallet’s browser extension to create a wallet between November 14-23, 2022, your wallet is still vulnerable to attack.

Q2: Are Other Wallets Affected by this Vulnerability?

No. Only wallets created with Trust Wallet’s browser extension during the vulnerable period are affected.

Q3: What Should I Do if I Have Funds in a Wallet Created with Trust Wallet’s Browser Extension During the Vulnerable Period?

Transferring the funds to a wallet that uses a cryptographically secure pseudo-random number generator is the recommended measure to prevent the possibility of an attack.

This article and pictures are from the Internet and do not represent aiwaka's position. If you infringe, please contact us to delete:https://www.aiwaka.com/2023/04/22/why-trust-wallets-browser-extension-is-no-longer-safe-an-overview/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.