April 25, 2023.
The Trust Wallet, a widely used software wallet, faced a significant security flaw with its browser extension’s seed generation, possessing only 32 bits of total entropy. A file containing all potential seeds was created due to this flaw. Fortunately, the Ledger Donjon detected the vulnerability swiftly, potentially preventing a major hack in the cryptocurrency ecosystem. The browser extension, released on November 14, 2022, offered direct access to digital assets on various blockchains from the browser, complementing the existing iOS and Android apps. The critical vulnerability allowed an attacker to steal assets from any wallet created with the extension without user interaction. The Ledger Donjon outlines the vulnerability’s details, discovery process, impact, estimation of vulnerable assets, and Trust Wallet’s response to address the issue.