Trust Wallet $170K Exploit: Is Your Crypto Safe

GM Readers!📪 It's BitDegree Insider, and it's time to speedrun this game.

⭐️Today's selection:

• 🚓Trust Wallet Exploit
• 💰Venture Mondays
• 👌Selected Meme of The Day
• 📰Bite-Sized News

TRUST WALLET EXPLOIT

Trust Wallet discovered a vulnerability in their browser extension that affected wallets created between November 14th and 23rd, 2022, which led to the theft of approximately $170,000.

The vulnerability has now been resolved, and wallets created after November 23rd are safe. Trust Wallet has announced that they will reimburse the losses.

If your wallet is vulnerable, you will see a warning message in the browser extension, and you should withdraw all your assets.

The vulnerability applies only if you use Trust Wallet extension on PC, not on your phone!

Trust Wallet's team acted prudently and did not disclose the vulnerability immediately to avoid becoming an easy target for more hackers.

However, two exploits were still carried out, amounting to a total of ~$170,000.

"Most of the threatened funds have been saved, but there is still $88,000 left on the addresses affected by the vulnerability. Transfer your money to other addresses as soon as possible," the project team advises.

But is everything fine now? What about the other wallets created through Trust Wallet?

1inch co-founder Anton Bukov raised concerns about the real danger associated with Trust Wallets, which recently had a WebAssembly (WASM) bug.

Their research suggests a disturbing conclusion:

"All 4 billion potential wallets can be hacked within minutes on an average laptop."

The main issue lies in the use of a pseudorandom number generator (PRNG) - the Mersenne Twister (MT19937) for generating private keys, which is not "random enough," allowing attackers to crack private keys.

Cybersecurity analyst Matthew Green warned about the PRNG problem back in 2021.

The security of Trust Wallet remains an open question, and users should be aware of this threat.

The Trust Wallet team may need to consider replacing the PRNG with a more reliable and cryptographically robust solution to ensure the safety of their users and funds.

Well, for now it seems like things got calm again. Just make sure that you diversify not only the assets you buy, but also wallets you use! Take care!

TL;DR: Trust Wallet team has disclosed that their team discovered a vulnerability in their browser extension that affected wallets created between November 14th and 23rd, 2022, which led to the theft of approximately $170,000.

VENTURE MONDAYS

DeFi focused EVM-compatible Layer-1 blockchain built on the Cosmos SDK, Berachain, raised $42M in a Series A funding round led by Polychain Capital, with participation from Hack VC, Shima Capital, Robot Ventures, Golden Tree, dao5 (daofive), Tribe Capital.

Berachain is an Layer-1 blockchain built on Cosmos, which has its own Proof-of-Liquidity consensus. No further details are available yet. 

But! we can try... Testing Berachain.

Berachain is rumored to have a public and incentivized testnet launching in the coming weeks.

However, there are a few activities that are already available now. 

What do you have to do?

1.Go to the Goerli faucet to get some of those test ETH or, if you've already participated in our previous how-to guides, use what's remaining from back then.2.Transfer test ETH to the Arbitrum Goerli network using the bridge. In order for the bridge of test tokens to appear, switch to Goerli network, and then connect your wallet. The bridging will take around 15-20 minutes.3. Go to their site, connect the wallet. Make swaps, stake and provide tokens in the liquidity pool. 4. Leave feedback by filling out the form.

Web3 Notification System Yoz raised $3.5M in a Seed funding round led by Electric Capital, with participation from Coinbase Ventures, Collab+Currency, Dapper Labs, Form Capital, North Island Ventures

Yoz allows users to create and customize notifications for a wide range of on-chain events, such as when their .eth domain is about to expire, when a crypto-whale they track sends a transfer, or when there's a new vote in one of the DAOs they're a member of (and to receive it on any messenger/email. Yoz is a "no-code" solution, which means that it's easy to use, even if you're not a developer.

SELECTED MEME OF THE DAY

BITE-SIZED NEWS

• Terra Do Kwon's Lawyers Requests US Court to Dismiss Charges Brought by SEC. Do Kwon's lawyers argue that SEC cannot regulate UST as it is not security.
• Romania's National Institute to Launch In-House NFT Trading Platform. ICI Bucharest NFT trading platform is set to launch on April 26th
• The Reserve Bank of Zimbabwe Plans to Launch Gold-Backed Digital Currency. They claim that the new digital currency will be "leaving no one and no place behind."