Pages:
Author

Topic: To Trustwallet users. Vulnerability. Repayment. - page 2. (Read 382 times)

legendary
Activity: 2268
Merit: 18711
I see that iOS version really has a open code

https://github.com/TrustWallet/trust-wallet-ios
Last commit December 10, 2018.

Software which is almost 5 years out of date is meaningless. Trust wallet is closed source.

Therefore, we can understand how the wallet works.
Which is absolutely irrelevant. If there is no up to date source code then you have no idea what the wallet is actually doing, what bugs exist, what vulnerabilities could be exploited, or what malicious code might be there.

So tell which one is better, but not a Ledger and Trezor.
Hardware - Passport
Software - Electrum or Sparrow
hero member
Activity: 1470
Merit: 790
ARTS & Crypto
But in Trust Wallet code it is open.
No it isn't. Trust Wallet is closed source, and ran by a company (Binance) which makes money from gathering data on its users and selling that data to blockchain analysis. It is one of the worst possible wallets you can use.


I see that iOS version really has a open code

https://github.com/TrustWallet/trust-wallet-ios

Therefore, we can understand how the wallet works. As for. Android copies, that is, information that it was deleted due to the fact that fake versions of the application appeared on Google Play. Although the reason seems far-fetched to me. Also, the information about the audit also confuses me.

Quote
It is one of the worst possible wallets you can use.
So tell which one is better, but not a Ledger and Trezor.
sr. member
Activity: 686
Merit: 403
Stop talking about this already, this hack happens because it's a browser extension, I have always warned people about browser extensions, they are more vulnerable to attacks than main crypto wallet.

And since the Trust wallet team is aware of this, they take responsibility and reimburse all those affected, this is another reason why I like everything about Binance, reputation means a lot to them.

It's true that hot wallets are the safer option but I will still keep using trust wallet as my main hot wallet, anytime any day, I still don't see a better hot wallet than trust wallet.
legendary
Activity: 2268
Merit: 18711
But in Trust Wallet code it is open.
No it isn't. Trust Wallet is closed source, and ran by a company (Binance) which makes money from gathering data on its users and selling that data to blockchain analysis. It is one of the worst possible wallets you can use.

Are they blatantly lying to us?
Yes. This really shouldn't be a surprise to anyone given that CZ is quite happy to lie about literally anything in order to promote Binance and make more profit.

See my previous post that un_rank linked to above. You can also see the Wallet Scrutiny report here: https://walletscrutiny.com/android/com.wallet.crypto.trustapp/. "No source for current release found".
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
People should understand one thing, that Trustwallet is a close source wallet. People should avoid bitcoin close source wallets when there are many bitcoin open source wallets.

This once again shows that Trust Wallet is the number one wallet.
What kind of number one wallet? The hacker reviewed itself to Binance and Binance has to compensate him for that. But the hacker would be the one that stole the coins and caused the hack. Binance did not talk about that but you people are thinking Binance did something good when the money stolen would have been given back to Binance by the hacker.
hero member
Activity: 644
Merit: 661
- Jay -
I do not know on what basis you made such a conclusion, but the official Trust Wallet website states that "Trust Wallet is a community driven, open-source, multi coin crypto wallet" - https://trustwallet.com/developer/ Are they blatantly lying to us?
Yes they are blatantly lying to us.
They themselves announced that they would be moving to closed source development in early 2018[1] and have since done that as can be seen on their Github repositories. Links to the Github are in a reply made by o_e_l_e_o here[2].

Maybe they lie hoping no one would actually verify if they are open source and just take their word for it. This would improve reliance on their wallet and eliminate any form of doubt. A dubious marketing strategy.

[1] https://trustwallet.medium.com/why-open-sourcing-android-app-could-be-a-harm-to-the-crypto-community-fb3ae1707dc6
[2] https://bitcointalksearch.org/topic/m.61049268

- Jay -
hero member
Activity: 826
Merit: 481
Trust Wallet to reimburse users after $170,000 security incident: https://cointelegraph.com/news/trust-wallet-to-reimburse-users-after-170-000-security-incident

Quote
“We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible."
Trust wallet has done really well. It has proved to haters of decentralization that there are reputable wallets that will take responsibility for their actions or inactions. Reimbursing these losses will boast the confidence of its users and attract more clients to use the wallet. They must increase their security because they might not be able to repay their clients if the loss is a huge amount. I think it is important to study more about exchanges before selecting because lack of knowledge could be disastrous.
That is what you get when you used a wallet that have centralized relation under licence and insurance, good to hear that trust wallet return users money after the hack as. As a result of their vulnerability, trust Wallet is reputable enough and has some traction of success and wider public adoption this incident has shown the team the lip hole that needs to be worked on in the wallet, and this incident may negatively affect their public trust.


Just like FTX refunding their customer or can only serve as a Relief but it will not change the distrust users already have with them, the vulnerability with trust wallet has been around for awhile and there has not been any tangible development toward tracking and eliminating those bugs for years now.
legendary
Activity: 2604
Merit: 2353
They is a saying that; “what you don't know is bigger than you". We all know about hardware wallets and different kinds or types of wallets; cold and hot wallets etc and because we know these things we assume that the millions of people into the cryptocurrency market are aware of them too. I've had an argumet with a close business partner and he meant it eye ball to eye ball that blockchain.info is the best wallet and even the only wallet in the cryptocurrency market. And he draws the line because the name began with blockchain. I had to explain to him that they're other wallets like Electrum which are better than what he thinks is the best. A week later after doing his research he came back to me and testified that he was wrong. I understand the feeling but what you know, others don't know a tip of it. That's why when they make these mistakes they tend to leave the market because it seems complex to them.
It's a nice story but unfortunately Electrum only supports one cryptocurrency currently : Bitcoin, and they don't seem to be ready to add any other cryptos for now, so it can't replace multi-coins wallets like the one of your business partner or Trust Wallet. Today, if you want to avoid leaving your crypto assets on platforms you need to have a multi-currency wallet. Unfortunately only few of those available are really reliable and trustworthy.


I do not know on what basis you made such a conclusion, but the official Trust Wallet website states that "Trust Wallet is a community driven, open-source, multi coin crypto wallet" - https://trustwallet.com/developer/ Are they blatantly lying to us?
It's not fully open source even if important parts of the code are publicly available. But if you can't build yourself the app from the code you can't be sure which code is actually used inside of the wallet you have downloaded.
hero member
Activity: 938
Merit: 552


If Trustwallet had been publicly available as open source software, a developer or an engineer with a good reputation could have detected the bug and reported it to the community promptly. I also use this wallet, but I have learned a lot from the mistake that many people have made by using it. This vulnerability has damaged the reputation of Trustwallet, and it may no longer be a trustworthy wallet to many people, they cannot afford to wait for another hacking incident to occur before their wallets are drained of funds, the next one can be a repeat of the similar attack or an inside job, it's difficult to trust people when it comes to money. Embarrassed
hero member
Activity: 1498
Merit: 785
The fact that Trust Wallet guarantees compensation for losses that arose as a result of hacking due to vulnerability is a positive signal for the entire cryptocurrency market. Thus, Trust Wallet is trying to preserve its community, which would inevitably decrease if there was no declaration on compensation for damage.
I think compensation is a good step for now from the Trust Wallet team, we has seen some exchanges and projects with similar situations and they did nothing of such.
If there is compensation, it means there is insurance applied by Trustwallet so that when there is a vulnerability attack that causes their funds to be lost, compensation will be given, so indeed it is a good step that Trustwallet has taken to guarantee all users with their assets.

There may be other reasons for exchanges or other projects to fail to compensate and this is usually where they lose the community a lot because they lose their responsibilities.

But it’s beyond compensation and it sounds dramatic to say trust wallet has lost some people’s trust in it, the crypto-currency space is constantly getting attacks so it’s best to save your own funds in your wallet.
I don't think it's too big a loss for Trustwallet considering it's a big project, so they are willing to compensate to maintain trust in the community and it's not going to be dramatic because they always act quickly.

If there is a loophole then it's an opportunity for hackers to look for it, if you want to be more secure then a hardware wallet is the best way to store your coins.
hero member
Activity: 1666
Merit: 709
Playbet.io - Crypto Casino and Sportsbook
The fact that Trust Wallet guarantees compensation for losses that arose as a result of hacking due to vulnerability is a positive signal for the entire cryptocurrency market. Thus, Trust Wallet is trying to preserve its community, which would inevitably decrease if there was no declaration on compensation for damage.
I think compensation is a good step for now from the Trust Wallet team, we has seen some exchanges and projects with similar situations and they did nothing of such.

But it’s beyond compensation and it sounds dramatic to say trust wallet has lost some people’s trust in it, the crypto-currency space is constantly getting attacks so it’s best to save your own funds in your wallet.
legendary
Activity: 2184
Merit: 1302
A week later after doing his research he came back to me and testified that he was wrong. I understand the feeling but what you know, others don't know a tip of it. That's why when they make these mistakes they tend to leave the market because it seems complex to them.
You can see the problem stems from lack of research right, and it is the fault of the users, is there anyone who doesn't secure their money in fiat, they either put it in the bank or in other places they consider secure, they also safeguard their sensitive banking information, thus for someone who wants to use Bitcoin, knowing fully when that it's also a currency (their own money for that matter), and can be stolen the very same way their fiat currency can, why won't that person do their due dilligence and do what's right. Nobody was born with Bitcoin knowledge, so i don't make excuses for people who want to use Bitcoin, but what to skip the part where they have to research about it.
hero member
Activity: 686
Merit: 987
Give all before death
Trust Wallet to reimburse users after $170,000 security incident: https://cointelegraph.com/news/trust-wallet-to-reimburse-users-after-170-000-security-incident

Quote
“We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible."
Trust wallet has done really well. It has proved to haters of decentralization that there are reputable wallets that will take responsibility for their actions or inactions. Reimbursing these losses will boast the confidence of its users and attract more clients to use the wallet. They must increase their security because they might not be able to repay their clients if the loss is a huge amount. I think it is important to study more about exchanges before selecting because lack of knowledge could be disastrous.
hero member
Activity: 1274
Merit: 561
Leading Crypto Sports Betting & Casino Platform
I've also realized that users prefer storing money on exchanges because they feel most wallets are not secure too. And some wouldn't want to make use of hardware wallet for different reasons as lossing their keys or the hardware.
Isn't it quite comical to you that someone would be uncomfortable using a hardware wallet and an open source software wallet, but would be comfortable with storing their funds in exchanges, well i am not surprised, everyone wants to buy and hodl Bitcoin, but only a handful want to do their due dilligence to know the dos and don'ts.

They is a saying that; “what you don't know is bigger than you". We all know about hardware wallets and different kinds or types of wallets; cold and hot wallets etc and because we know these things we assume that the millions of people into the cryptocurrency market are aware of them too. I've had an argumet with a close business partner and he meant it eye ball to eye ball that blockchain.info is the best wallet and even the only wallet in the cryptocurrency market. And he draws the line because the name began with blockchain. I had to explain to him that they're other wallets like Electrum which are better than what he thinks is the best. A week later after doing his research he came back to me and testified that he was wrong. I understand the feeling but what you know, others don't know a tip of it. That's why when they make these mistakes they tend to leave the market because it seems complex to them.
legendary
Activity: 2268
Merit: 1655
To the Moon
Its community should indeed decrease and not exactly for the reason you sighted but cause it is closed source and its users cannot verify what is contained in their code or their mode of generating addresses. ..

I do not know on what basis you made such a conclusion, but the official Trust Wallet website states that "Trust Wallet is a community driven, open-source, multi coin crypto wallet" - https://trustwallet.com/developer/ Are they blatantly lying to us?
sr. member
Activity: 378
Merit: 258
Lohamor Family
Trust wallet has done great for them to take the responsibility of their users funds that was stolen due to the vulnerability in their system. This shows that they really care about their users and also want to build a good reputation. In my own opinion,it is better to switch a a decentralized wallet that you are in charge of your funds because if you have a proper back of your seed phrase and can keep your wallet safe,there will be nothing to worry about. Bitcoin was created to be used and store in a decentralized way,so let's not use it the other way round.
hero member
Activity: 1470
Merit: 790
ARTS & Crypto
If you use Trustwallet browser extension between November 14 and 23, 2022, you need to read this:

https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786

Quote
In November 2022, a security researcher reported a WebAssembly (WASM) vulnerability in our open-source library, Wallet Core, through our bug bounty program. Our Trust Wallet Browser Extension uses WASM in Wallet Core, and new wallet addresses generated between November 14 and 23, 2022 by Browser Extension contain this vulnerability. We quickly patched the vulnerability, and all addresses created after those dates are safe.

Despite our best efforts, we proactively detected two potential exploits, resulting in a total loss of approximately $170,000 USD at the time of the attack. As a commitment to transparency and user protection, we want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible.

If you have not been affected, send your coins to another address, I will suggest you to use an open source wallet instead of Trustwallet or other close source wallets.

If you are affected, continue reading the link to know what to do: https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786


Trust Wallet to reimburse users after $170,000 security incident: https://cointelegraph.com/news/trust-wallet-to-reimburse-users-after-170-000-security-incident

Quote
“We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible."

This once again shows that Trust Wallet is the number one wallet. My personal experience: I have already encountered the vulnerability of a Bitcoin wallet - something about $ 600 was stolen from me with Jaxx. 
At that time, I didn't know that he was a scam. After that, I began to closely study all the wallets on which I was going to store money. So: I recently installed Exodus, on the advice of a beautiful UI and reliability.
But when I began to study it, I realized that the source code was CLOSED. But in Trust Wallet code it is open. It's not just like that, only a good wallet can trust itself with an open code for users. So I switched to the Trust Wallet.
legendary
Activity: 2184
Merit: 1302
I've also realized that users prefer storing money on exchanges because they feel most wallets are not secure too. And some wouldn't want to make use of hardware wallet for different reasons as lossing their keys or the hardware.
Isn't it quite comical to you that someone would be uncomfortable using a hardware wallet and an open source software wallet, but would be comfortable with storing their funds in exchanges, well i am not surprised, everyone wants to buy and hodl Bitcoin, but only a handful want to do their due dilligence to know the dos and don'ts. Of course there are unsafe wallets, and ironically Trust wallet might be one of them because it is closed source, and if you are scared you'd lose your keys if you have it, be rest assured that a centralized can also lose it, and anytime they control the keys to your funds, the funds isn't yours.
hero member
Activity: 644
Merit: 661
- Jay -
Thus, Trust Wallet is trying to preserve its community, which would inevitably decrease if there was no declaration on compensation for damage.
Its community should indeed decrease and not exactly for the reason you sighted but cause it is closed source and its users cannot verify what is contained in their code or their mode of generating addresses.
Needing to guarantee compensation could be cause they bear responsibility for losses of assets or private information submitted, which would not happen if it were a decentralized platform.

- Jay -
hero member
Activity: 1274
Merit: 561
Leading Crypto Sports Betting & Casino Platform
Trust wallet assures their users about securing their funds all the time, since they've failed this time, it's an obligation to reimburse all the affected people, to avoid the escalation of the wallet's vulnerability, it will affect their PR. Though trust wallet isn't a wallet to store a whooping amount of assets, people find it user friendly that's the reason I can see why lots of people recommended that wallet. I've also realized that users prefer storing money on exchanges because they feel most wallets are not secure too. And some wouldn't want to make use of hardware wallet for different reasons as lossing their keys or the hardware. To use cryptocurrency we must all be careful. Trust wallet has maintained the trust in the Brand's name on this issue.
Pages:
Jump to: