Trust Wallet accounts created between Feb. 5 and Aug. 21, 2018 on iOS devices may still be vulnerable to exploits, according to cybersecurity research firm SECBIT Labs.
An old vulnerability in the Trust Wallet iOS app may still affect individuals who created accounts with it — even if they no longer use Trust Wallet — according to a recent report from security researchers at SECBIT Labs. The vulnerability only existed from Feb. 5 through Aug. 21, 2018 and does not affect accounts created after that time period, the researchers stated. However, some users may be unaware that the vulnerability existed and may still be planning to use the exposed wallets.
The vulnerability was caused by two functions called by the Trust wallet in a Trezor library that were supposed to only be used for testing. Yet despite developer notes warning developers against their use, Trust Wallet accidentally included these functions in its iPhone wallet app, SECBIT claimed. This error allegedly allowed attackers to guess the private keys of some users and steal their funds. According to SECBIT, these accounts are still vulnerable even now.
This newly revealed vulnerability is allegedly separate and distinct from Trust Wallet’s browser extension flaw, which the Trezor team already acknowledged in April 2023.