
Trust Wallet WebAssembly Vulnerability Exposes $170,000 in User Funds

Trust Wallet, one of the most widely used cryptocurrency wallets in the ecosystem, disclosed a critical security vulnerability on April 22, 2023, that resulted in the loss of approximately $170,000 worth of digital assets. The breach, rooted in a flawed pseudo-random number generator within the wallet’s WebAssembly implementation, reignites urgent conversations about the security foundations of even the most trusted crypto platforms.

The Exploit Mechanics

The vulnerability was traced to the MT19937 Mersenne Twister pseudo-random number generator (PRNG) used in Trust Wallet’s open-source Wallet Core library. This PRNG, which was responsible for generating mnemonic seed phrases in the WebAssembly (WASM) version of the browser extension, relied on a single 32-bit seed value. This meant the system could only produce roughly 4 billion possible mnemonic combinations — a number that, while seemingly large, is trivially small by cryptographic standards and well within the brute-force capabilities of modern computing.

The MT19937 algorithm, based on a linear recurrence, is known to be unsuitable for cryptographic purposes. An attacker who observes a sufficient subsequence of output values can predict all subsequent outputs, effectively reconstructing the private keys generated by the flawed system. The vulnerability specifically affected new wallet addresses created between November 14 and November 23, 2022, in browser extension versions 0.0.172 and 0.0.182. Addresses generated outside this window, imported wallets, and all mobile wallets remained unaffected.
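The keyspace limit described above, as an added example that is not code from Trust Wallet or Wallet Core: Python's `random` module (itself MT19937) stands in for the flawed generator, next to the OS CSPRNG form. The function names and the 128-bit entropy size (the amount behind a 12-word BIP-39 mnemonic) are assumptions for illustration.

```python
import random
import secrets

ENTROPY_BYTES = 16  # assumed size: 128 bits, as used for a 12-word BIP-39 mnemonic


def weak_entropy(seed32: int) -> bytes:
    """Flawed pattern: all wallet entropy is derived from MT19937 seeded with 32 bits."""
    if not 0 <= seed32 < 2**32:
        raise ValueError("seed must fit in 32 bits")
    rng = random.Random(seed32)  # CPython's random module is MT19937
    return bytes(rng.getrandbits(8) for _ in range(ENTROPY_BYTES))


def strong_entropy() -> bytes:
    """Hardened pattern: every bit comes from the operating system CSPRNG."""
    return secrets.token_bytes(ENTROPY_BYTES)


def effective_bits(seed_bits: int, output_bits: int = ENTROPY_BYTES * 8) -> int:
    """Upper bound on secret strength.

    A deterministic generator cannot emit more distinct outputs than it has
    seeds, so the smaller of the two sizes is what an attacker has to search.
    """
    return min(seed_bits, output_bits)


def distinct_outputs(seed_count: int) -> int:
    """Count distinct 128-bit outputs over a toy range of seeds (0..seed_count-1)."""
    return len({weak_entropy(s) for s in range(seed_count)})


if __name__ == "__main__":
    # Constructed sample seed: the same seed always yields the same "secret".
    print(weak_entropy(1234).hex(), weak_entropy(1234).hex())
    # 128 bits of output, but only 32 bits of real strength.
    print("effective bits (flawed):", effective_bits(32))
    print("effective bits (CSPRNG):", effective_bits(256))
    # Toy range: the number of possible outputs never exceeds the number of seeds.
    print("distinct outputs for 4096 seeds:", distinct_outputs(4096))
    print("CSPRNG sample:", strong_entropy().hex())
```

A unit test that fails the build when key material can be reproduced from a small integer seed is a cheap way to catch this class of regression in any target, including WASM builds where the platform's entropy source may differ from native ones.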

Affected Systems

According to Trust Wallet’s postmortem report, the vulnerability was initially identified not by the internal security team but through the platform’s bug bounty program. An external security researcher flagged the WebAssembly flaw in November 2022, and the company patched it on November 22 of that year. However, the delay between discovery and patching left a window during which approximately 500 vulnerable addresses with a combined balance of around $88,000 remained at risk.

Two separate exploitation events occurred — one in late December 2022 and another in late March 2023 — collectively draining roughly $170,000 in various cryptocurrencies from affected wallets. Trust Wallet confirmed that only wallets created during the specific November window were impacted, and the vulnerability has been fully resolved in current versions of the browser extension.

The Mitigation Strategy

In response to the incident, Trust Wallet announced a comprehensive reimbursement program for all affected users. The company committed to covering the full value of lost funds, signaling an important precedent for wallet providers taking responsibility for security failures in their codebase.

Additionally, Trust Wallet migrated away from the MT19937 PRNG to a cryptographically secure random number generator in all subsequent versions of Wallet Core. The company also expanded its bug bounty program, increasing reward incentives for external researchers who identify vulnerabilities before they can be exploited in the wild.

Lessons Learned

The Trust Wallet incident underscores several critical lessons for the cryptocurrency ecosystem. First, the choice of random number generator is foundational to wallet security. PRNGs that are suitable for simulation or general computing — like the Mersenne Twister — are wholly inadequate for cryptographic key generation. The gap between “random enough” and “cryptographically random” is the difference between secure funds and total loss.

Second, the bug bounty model proved its value in this case. The vulnerability was discovered by an external researcher, highlighting the importance of open-source security auditing and community-driven vulnerability disclosure. Projects that maintain transparent codebases and incentivize responsible disclosure are demonstrably more resilient.

Third, the timeline between vulnerability discovery and complete remediation matters. While Trust Wallet patched the code quickly, the period during which vulnerable addresses existed — and the two-month gap before the first exploitation event — suggests that more aggressive outreach to at-risk users could have prevented losses.

User Action Required

If you created a Trust Wallet browser extension wallet between November 14 and November 23, 2022, you should immediately transfer any remaining funds to a new, secure wallet address. Even though the vulnerability has been patched, any wallet generated during this period was produced using the flawed PRNG and its private keys could theoretically be reconstructed by an attacker.

For all crypto users, this incident serves as a reminder to regularly update wallet software, enable additional security features like two-factor authentication where available, and consider using hardware wallets for storing significant amounts of cryptocurrency. With Bitcoin trading around $27,800 and Ethereum at $1,874 at the time of this incident, the stakes for proper wallet security have never been higher.

Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research before making decisions about cryptocurrency storage and security.


7 thoughts on “Trust Wallet WebAssembly Vulnerability Exposes $170,000 in User Funds”

  1. coldstorage_or_nothing

    a single 32-bit seed for generating mnemonics is jaw dropping. that's like locking your front door with a zip tie

      1. a single rtx 4090 can brute force 4 billion combinations in under an hour. this was never a question of if but when

    1. zip tie is generous. more like leaving the door wide open with a sign saying please come in. 32 bits in 2023 is negligence

  2. 170k is actually lucky given the flaw. If someone had automated the brute force sooner it could have been millions. Trust Wallet needs a formal verification step for their WASM builds.

    1. formal verification on WASM builds should be mandatory for any wallet handling mainnet funds. this was entirely preventable

  3. using MT19937 for anything crypto related is a textbook mistake. this is covered in literally every intro to cryptography course
