It is the year 2023 – and for curious reasons some people are still storing more than pocket change in a Browser wallet(!).
In the newest case demonstrating that this is an incredibly bad idea if you prefer to keep your money safe, the Trust Wallet browser extension was revealed to be provably unsecure since many months.
To understand how bad this specific incident was:
- “Seed generation of Trust Wallet [browser extension] was flawed, the total entropy was only 32 bits. We have created a file containing all possible seeds.”
- “By knowing the address of an account, it is possible to immediately compute its private key, then access all its funds.”
…which means in layman terms:
Any wallet you created via the Trust Wallet Browser extension was at risk to be immediately drained by an attacker.
While in this specific case due to quick action by white hat hackers large-scale damage could be prevented, it shows once more:
A Browser wallet is *NOT* the place to store any amounts you would lose sleep over if they’re gone.
Get a hardware wallet, take your keys offline – and ideally learn to MultiSig.
And if you’re based in Vietnam and looking to get started:
We’ve got the goods and the tales to put you on the right track.