One user has got all of his XRP from Trust wallet. This very user never connected with XRPL to any DEX or shady website. So, how did he get XRP stolen from Trust wallet?
Well, as you all know, Trust wallet is a multi coin wallet that makes use of a single pass phrase to generate all the private keys. The user had connected EVM wallet, later associated with Trust wallet three years ago. That wallet was previously used on metamask with various portals and DAPPs.
The user says he had disconnected metamask from those website many times but, we suspect there could have been some that were still connected to this date.
Interestingly, over the past few years, he never had any funds stolen from this EVM wallet. This wallet was then imported to Trust wallet as a multi coin wallet.
He then sent 100 XRP to this wallet followed by another 100 XRP.
The funds were stolen and sent to hacker’s address. Can we blame some malware for this? The user did mention he had stored Trust wallet seed on his iPhone. So, it could be that a malware application might have read data from the notes app.
What can we learn from this Trust wallet hack?
First, Neve store you passphrase / seed phrase in notes app where it is stored in plain text. Take a printout of seed phrase and store it where no-one has access to it.
Second, use hardware cryptocurrency wallets. Despite the latest Ledger wallet privacy fiasco, they still remain the safest way of storing crypto currencies.