To Trustwallet users. Vulnerability. Repayment. - page 2.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18586

Quote from: summonerrk on April 24, 2023, 09:25:17 AM

I see that iOS version really has a open code

https://github.com/TrustWallet/trust-wallet-ios

Last commit December 10, 2018.

Software which is almost 5 years out of date is meaningless. Trust wallet is closed source.

Quote from: summonerrk on April 24, 2023, 09:25:17 AM

Therefore, we can understand how the wallet works.

Which is absolutely irrelevant. If there is no up to date source code then you have no idea what the wallet is actually doing, what bugs exist, what vulnerabilities could be exploited, or what malicious code might be there.

Quote from: summonerrk on April 24, 2023, 09:25:17 AM

So tell which one is better, but not a Ledger and Trezor.

Hardware - Passport
Software - Electrum or Sparrow

summonerrk

hero member

Activity: 1330

Merit: 687

Arts & Crypto

Quote from: o_e_l_e_o on April 24, 2023, 03:32:41 AM

Quote from: summonerrk on April 23, 2023, 12:47:04 PM

But in Trust Wallet code it is open.

No it isn't. Trust Wallet is closed source, and ran by a company (Binance) which makes money from gathering data on its users and selling that data to blockchain analysis. It is one of the worst possible wallets you can use.

I see that iOS version really has a open code

https://github.com/TrustWallet/trust-wallet-ios

Therefore, we can understand how the wallet works. As for. Android copies, that is, information that it was deleted due to the fact that fake versions of the application appeared on Google Play. Although the reason seems far-fetched to me. Also, the information about the audit also confuses me.

Quote

It is one of the worst possible wallets you can use.

So tell which one is better, but not a Ledger and Trezor.

Outhue

sr. member

Activity: 686

Merit: 403

Stop talking about this already, this hack happens because it's a browser extension, I have always warned people about browser extensions, they are more vulnerable to attacks than main crypto wallet.

And since the Trust wallet team is aware of this, they take responsibility and reimburse all those affected, this is another reason why I like everything about Binance, reputation means a lot to them.

It's true that hot wallets are the safer option but I will still keep using trust wallet as my main hot wallet, anytime any day, I still don't see a better hot wallet than trust wallet.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18586

Quote from: summonerrk on April 23, 2023, 12:47:04 PM

But in Trust Wallet code it is open.

No it isn't. Trust Wallet is closed source, and ran by a company (Binance) which makes money from gathering data on its users and selling that data to blockchain analysis. It is one of the worst possible wallets you can use.

Quote from: tvplus006 on April 23, 2023, 01:44:29 PM

Are they blatantly lying to us?

Yes. This really shouldn't be a surprise to anyone given that CZ is quite happy to lie about literally anything in order to promote Binance and make more profit.

See my previous post that un_rank linked to above. You can also see the Wallet Scrutiny report here: https://walletscrutiny.com/android/com.wallet.crypto.trustapp/. "No source for current release found".

_act_

hero member

Activity: 868

Merit: 1094

People should understand one thing, that Trustwallet is a close source wallet. People should avoid bitcoin close source wallets when there are many bitcoin open source wallets.

Quote from: summonerrk on April 23, 2023, 12:47:04 PM

This once again shows that Trust Wallet is the number one wallet.

What kind of number one wallet? The hacker reviewed itself to Binance and Binance has to compensate him for that. But the hacker would be the one that stole the coins and caused the hack. Binance did not talk about that but you people are thinking Binance did something good when the money stolen would have been given back to Binance by the hacker.

un_rank

hero member

Activity: 644

Merit: 661

- Leo -

Quote from: tvplus006 on April 23, 2023, 01:44:29 PM

I do not know on what basis you made such a conclusion, but the official Trust Wallet website states that "Trust Wallet is a community driven, open-source, multi coin crypto wallet" - https://trustwallet.com/developer/ Are they blatantly lying to us?

Yes they are blatantly lying to us.
They themselves announced that they would be moving to closed source development in early 2018^[1] and have since done that as can be seen on their Github repositories. Links to the Github are in a reply made by o_e_l_e_o here^[2].

Maybe they lie hoping no one would actually verify if they are open source and just take their word for it. This would improve reliance on their wallet and eliminate any form of doubt. A dubious marketing strategy.

[1] https://trustwallet.medium.com/why-open-sourcing-android-app-could-be-a-harm-to-the-crypto-community-fb3ae1707dc6
[2] https://bitcointalksearch.org/topic/m.61049268

- Jay -

Ojima-ojo

sr. member

Activity: 700

Merit: 429

Quote from: Die_empty on April 23, 2023, 02:08:12 PM

Quote from: _act_ on April 23, 2023, 06:20:16 AM

Trust Wallet to reimburse users after $170,000 security incident: https://cointelegraph.com/news/trust-wallet-to-reimburse-users-after-170-000-security-incident

Quote

“We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible."

Trust wallet has done really well. It has proved to haters of decentralization that there are reputable wallets that will take responsibility for their actions or inactions. Reimbursing these losses will boast the confidence of its users and attract more clients to use the wallet. They must increase their security because they might not be able to repay their clients if the loss is a huge amount. I think it is important to study more about exchanges before selecting because lack of knowledge could be disastrous.

That is what you get when you used a wallet that have centralized relation under licence and insurance, good to hear that trust wallet return users money after the hack as. As a result of their vulnerability, trust Wallet is reputable enough and has some traction of success and wider public adoption this incident has shown the team the lip hole that needs to be worked on in the wallet, and this incident may negatively affect their public trust.

Just like FTX refunding their customer or can only serve as a Relief but it will not change the distrust users already have with them, the vulnerability with trust wallet has been around for awhile and there has not been any tangible development toward tracking and eliminating those bugs for years now.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: Accardo on April 23, 2023, 01:51:32 PM

They is a saying that; “what you don't know is bigger than you". We all know about hardware wallets and different kinds or types of wallets; cold and hot wallets etc and because we know these things we assume that the millions of people into the cryptocurrency market are aware of them too. I've had an argumet with a close business partner and he meant it eye ball to eye ball that blockchain.info is the best wallet and even the only wallet in the cryptocurrency market. And he draws the line because the name began with blockchain. I had to explain to him that they're other wallets like Electrum which are better than what he thinks is the best. A week later after doing his research he came back to me and testified that he was wrong. I understand the feeling but what you know, others don't know a tip of it. That's why when they make these mistakes they tend to leave the market because it seems complex to them.

It's a nice story but unfortunately Electrum only supports one cryptocurrency currently : Bitcoin, and they don't seem to be ready to add any other cryptos for now, so it can't replace multi-coins wallets like the one of your business partner or Trust Wallet. Today, if you want to avoid leaving your crypto assets on platforms you need to have a multi-currency wallet. Unfortunately only few of those available are really reliable and trustworthy.

Quote from: tvplus006 on April 23, 2023, 01:44:29 PM

I do not know on what basis you made such a conclusion, but the official Trust Wallet website states that "Trust Wallet is a community driven, open-source, multi coin crypto wallet" - https://trustwallet.com/developer/ Are they blatantly lying to us?

It's not fully open source even if important parts of the code are publicly available. But if you can't build yourself the app from the code you can't be sure which code is actually used inside of the wallet you have downloaded.

Huppercase

hero member

Activity: 784

Merit: 517

Quote from: _act_ on April 23, 2023, 06:20:16 AM

If Trustwallet had been publicly available as open source software, a developer or an engineer with a good reputation could have detected the bug and reported it to the community promptly. I also use this wallet, but I have learned a lot from the mistake that many people have made by using it. This vulnerability has damaged the reputation of Trustwallet, and it may no longer be a trustworthy wallet to many people, they cannot afford to wait for another hacking incident to occur before their wallets are drained of funds, the next one can be a repeat of the similar attack or an inside job, it's difficult to trust people when it comes to money. Embarrassed

ajiz138

hero member

Activity: 1498

Merit: 785

Quote from: BIT-BENDER on April 23, 2023, 02:46:44 PM

Quote from: tvplus006 on April 23, 2023, 06:33:32 AM

The fact that Trust Wallet guarantees compensation for losses that arose as a result of hacking due to vulnerability is a positive signal for the entire cryptocurrency market. Thus, Trust Wallet is trying to preserve its community, which would inevitably decrease if there was no declaration on compensation for damage.

I think compensation is a good step for now from the Trust Wallet team, we has seen some exchanges and projects with similar situations and they did nothing of such.

If there is compensation, it means there is insurance applied by Trustwallet so that when there is a vulnerability attack that causes their funds to be lost, compensation will be given, so indeed it is a good step that Trustwallet has taken to guarantee all users with their assets.

There may be other reasons for exchanges or other projects to fail to compensate and this is usually where they lose the community a lot because they lose their responsibilities.

Quote from: BIT-BENDER on April 23, 2023, 02:46:44 PM

But it’s beyond compensation and it sounds dramatic to say trust wallet has lost some people’s trust in it, the crypto-currency space is constantly getting attacks so it’s best to save your own funds in your wallet.

I don't think it's too big a loss for Trustwallet considering it's a big project, so they are willing to compensate to maintain trust in the community and it's not going to be dramatic because they always act quickly.

If there is a loophole then it's an opportunity for hackers to look for it, if you want to be more secure then a hardware wallet is the best way to store your coins.

BIT-BENDER

hero member

Activity: 1498

Merit: 702

Quote from: tvplus006 on April 23, 2023, 06:33:32 AM

The fact that Trust Wallet guarantees compensation for losses that arose as a result of hacking due to vulnerability is a positive signal for the entire cryptocurrency market. Thus, Trust Wallet is trying to preserve its community, which would inevitably decrease if there was no declaration on compensation for damage.

I think compensation is a good step for now from the Trust Wallet team, we has seen some exchanges and projects with similar situations and they did nothing of such.

But it’s beyond compensation and it sounds dramatic to say trust wallet has lost some people’s trust in it, the crypto-currency space is constantly getting attacks so it’s best to save your own funds in your wallet.

Coyster

legendary

Activity: 1946

Merit: 1224

Life's but a walking shadow!

Quote from: Accardo on April 23, 2023, 01:51:32 PM

A week later after doing his research he came back to me and testified that he was wrong. I understand the feeling but what you know, others don't know a tip of it. That's why when they make these mistakes they tend to leave the market because it seems complex to them.

You can see the problem stems from lack of research right, and it is the fault of the users, is there anyone who doesn't secure their money in fiat, they either put it in the bank or in other places they consider secure, they also safeguard their sensitive banking information, thus for someone who wants to use Bitcoin, knowing fully when that it's also a currency (their own money for that matter), and can be stolen the very same way their fiat currency can, why won't that person do their due dilligence and do what's right. Nobody was born with Bitcoin knowledge, so i don't make excuses for people who want to use Bitcoin, but what to skip the part where they have to research about it.

Die_empty

hero member

Activity: 686

Merit: 987

Give all before death

Quote from: _act_ on April 23, 2023, 06:20:16 AM

Trust Wallet to reimburse users after $170,000 security incident: https://cointelegraph.com/news/trust-wallet-to-reimburse-users-after-170-000-security-incident

Quote

“We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible."

Trust wallet has done really well. It has proved to haters of decentralization that there are reputable wallets that will take responsibility for their actions or inactions. Reimbursing these losses will boast the confidence of its users and attract more clients to use the wallet. They must increase their security because they might not be able to repay their clients if the loss is a huge amount. I think it is important to study more about exchanges before selecting because lack of knowledge could be disastrous.

Accardo

hero member

Activity: 1078

Merit: 509

Leading Crypto Sports Betting & Casino Platform

Quote from: Coyster on April 23, 2023, 12:38:21 PM

Quote from: Accardo on April 23, 2023, 10:15:02 AM

I've also realized that users prefer storing money on exchanges because they feel most wallets are not secure too. And some wouldn't want to make use of hardware wallet for different reasons as lossing their keys or the hardware.

Isn't it quite comical to you that someone would be uncomfortable using a hardware wallet and an open source software wallet, but would be comfortable with storing their funds in exchanges, well i am not surprised, everyone wants to buy and hodl Bitcoin, but only a handful want to do their due dilligence to know the dos and don'ts.

They is a saying that; “what you don't know is bigger than you". We all know about hardware wallets and different kinds or types of wallets; cold and hot wallets etc and because we know these things we assume that the millions of people into the cryptocurrency market are aware of them too. I've had an argumet with a close business partner and he meant it eye ball to eye ball that blockchain.info is the best wallet and even the only wallet in the cryptocurrency market. And he draws the line because the name began with blockchain. I had to explain to him that they're other wallets like Electrum which are better than what he thinks is the best. A week later after doing his research he came back to me and testified that he was wrong. I understand the feeling but what you know, others don't know a tip of it. That's why when they make these mistakes they tend to leave the market because it seems complex to them.

tvplus006

legendary

Activity: 2268

Merit: 1655

To the Moon

Quote from: un_rank on April 23, 2023, 10:20:03 AM

Its community should indeed decrease and not exactly for the reason you sighted but cause it is closed source and its users cannot verify what is contained in their code or their mode of generating addresses. ..

I do not know on what basis you made such a conclusion, but the official Trust Wallet website states that "Trust Wallet is a community driven, open-source, multi coin crypto wallet" - https://trustwallet.com/developer/ Are they blatantly lying to us?

Merit.s

sr. member

Activity: 350

Merit: 255

Trust wallet has done great for them to take the responsibility of their users funds that was stolen due to the vulnerability in their system. This shows that they really care about their users and also want to build a good reputation. In my own opinion,it is better to switch a a decentralized wallet that you are in charge of your funds because if you have a proper back of your seed phrase and can keep your wallet safe,there will be nothing to worry about. Bitcoin was created to be used and store in a decentralized way,so let's not use it the other way round.

summonerrk

hero member

Activity: 1330

Merit: 687

Arts & Crypto

Quote from: _act_ on April 23, 2023, 06:20:16 AM

If you use Trustwallet browser extension between November 14 and 23, 2022, you need to read this:

https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786

Quote

In November 2022, a security researcher reported a WebAssembly (WASM) vulnerability in our open-source library, Wallet Core, through our bug bounty program. Our Trust Wallet Browser Extension uses WASM in Wallet Core, and new wallet addresses generated between November 14 and 23, 2022 by Browser Extension contain this vulnerability. We quickly patched the vulnerability, and all addresses created after those dates are safe.

Despite our best efforts, we proactively detected two potential exploits, resulting in a total loss of approximately $170,000 USD at the time of the attack. As a commitment to transparency and user protection, we want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible.

If you have not been affected, send your coins to another address, I will suggest you to use an open source wallet instead of Trustwallet or other close source wallets.

If you are affected, continue reading the link to know what to do: https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786

Trust Wallet to reimburse users after $170,000 security incident: https://cointelegraph.com/news/trust-wallet-to-reimburse-users-after-170-000-security-incident

Quote

“We want to assure users that we will reimburse eligible losses from hacks due to the vulnerability and have created a reimbursement process for the affected users. And we urged affected users [to] move the remaining ~$88,000 USD balance on all the vulnerable addresses as soon as possible."

This once again shows that Trust Wallet is the number one wallet. My personal experience: I have already encountered the vulnerability of a Bitcoin wallet - something about $ 600 was stolen from me with Jaxx.
At that time, I didn't know that he was a scam. After that, I began to closely study all the wallets on which I was going to store money. So: I recently installed Exodus, on the advice of a beautiful UI and reliability.
But when I began to study it, I realized that the source code was CLOSED. But in Trust Wallet code it is open. It's not just like that, only a good wallet can trust itself with an open code for users. So I switched to the Trust Wallet.

Coyster

legendary

Activity: 1946

Merit: 1224

Life's but a walking shadow!

Quote from: Accardo on April 23, 2023, 10:15:02 AM

I've also realized that users prefer storing money on exchanges because they feel most wallets are not secure too. And some wouldn't want to make use of hardware wallet for different reasons as lossing their keys or the hardware.

Isn't it quite comical to you that someone would be uncomfortable using a hardware wallet and an open source software wallet, but would be comfortable with storing their funds in exchanges, well i am not surprised, everyone wants to buy and hodl Bitcoin, but only a handful want to do their due dilligence to know the dos and don'ts. Of course there are unsafe wallets, and ironically Trust wallet might be one of them because it is closed source, and if you are scared you'd lose your keys if you have it, be rest assured that a centralized can also lose it, and anytime they control the keys to your funds, the funds isn't yours.

un_rank

hero member

Activity: 644

Merit: 661

- Leo -

Quote from: tvplus006 on April 23, 2023, 06:33:32 AM

Thus, Trust Wallet is trying to preserve its community, which would inevitably decrease if there was no declaration on compensation for damage.

Its community should indeed decrease and not exactly for the reason you sighted but cause it is closed source and its users cannot verify what is contained in their code or their mode of generating addresses.
Needing to guarantee compensation could be cause they bear responsibility for losses of assets or private information submitted, which would not happen if it were a decentralized platform.

- Jay -

Accardo

hero member

Activity: 1078

Merit: 509

Leading Crypto Sports Betting & Casino Platform

Trust wallet assures their users about securing their funds all the time, since they've failed this time, it's an obligation to reimburse all the affected people, to avoid the escalation of the wallet's vulnerability, it will affect their PR. Though trust wallet isn't a wallet to store a whooping amount of assets, people find it user friendly that's the reason I can see why lots of people recommended that wallet. I've also realized that users prefer storing money on exchanges because they feel most wallets are not secure too. And some wouldn't want to make use of hardware wallet for different reasons as lossing their keys or the hardware. To use cryptocurrency we must all be careful. Trust wallet has maintained the trust in the Brand's name on this issue.

Topic: To Trustwallet users. Vulnerability. Repayment. - page 2. (Read 382 times)