Trust Wallet

2018-02-01

Trust Wallet iOS app introduces low-entropy key generation flaw using trezor-crypto-ios v0.0.4, seeding PRNG with Unix timestamp only

2018-07-01

Binance acquires Trust Wallet

2018-07-16

Low-entropy flaw patched in trezor-crypto-ios v0.0.7, but wallets created during the vulnerable window remain exposed

2022-11-14

Trust Wallet browser extension begins generating wallets using weak Mersenne Twister PRNG; vulnerability window opens

2022-11-23

Browser extension WebAssembly vulnerability window closes; researcher later discloses flaw via bug bounty

2023-04-22

Trust Wallet publicly discloses WebAssembly PRNG vulnerability, confirms $170,000 in user losses, announces reimbursement

2023-07-12

Attackers exploit 2018-era low-entropy iOS flaw against 2,100+ Ethereum addresses; over 1,360 ETH stolen across multiple chains

2024-02-01

NIST formally adds Trust Wallet iOS vulnerability to National Vulnerability Database as CVE-2024-23660 (CVSS 7.5 High)

2025-01-01

TrustWalletPanel phishing operation (tttadmin.com) begins 14-month campaign targeting Trust Wallet users; at least $239,000 stolen

2025-11-01

Sha1-Hulud supply chain attack exposes Trust Wallet GitHub secrets, including Chrome Web Store API credentials

2025-12-08

Attacker registers exfiltration domain in preparation for Chrome extension compromise

2025-12-21

First exfiltration requests from compromised infrastructure begin

2025-12-24

Malicious Trust Wallet browser extension v2.68 published to Chrome Web Store via leaked API key; mnemonic exfiltration begins

2025-12-25

ZachXBT flags suspected Trust Wallet extension issue as users report drained funds; requests affected addresses from victims

2025-12-26

Trust Wallet confirms v2.68 incident, rolls back to v2.67 as v2.69, revokes API credentials, announces $8.5M impact across 2,520 addresses