How a Trust Wallet User Lost Money Overnight: Understanding the Risks of Malicious Approvals


Last week, a Trust Wallet user suddenly lost money overnight, according to a recent report shared with BeInCrypto. When he contacted the wallet to understand what happened, they informed him that he had inadvertently granted permissions to malicious websites or applications.

Eve Lam, Information Security Director at Trust Wallet, said in an interview with BeInCrypto that most unauthorized crypto withdrawals originate from user-related issues. Dmytro Yasmanovych, Compliance Manager at Hacken, shared this view and provided guidance on steps users should take if they suspect their crypto wallet has been compromised.

Overnight Loss

Last week, Matias, a crypto user from Chile, went to sleep without worry. However, when he woke up, everything had changed. According to information shared with BeInCrypto, when Matias accessed his Trust Wallet, he found that his funds had been withdrawn from the account.

Such a situation had never happened to him in his five years of using the mobile wallet. Matias soon noticed that at 8 am, a small amount of cryptocurrency was deposited into his account. Immediately after, his account was completely drained.

Matias did not know how this could happen. After contacting Trust Wallet's security team for an explanation, he learned that the issue originated from an action he had unintentionally taken.

"Based on our internal data and incident response investigations, most unauthorized withdrawals can be traced back to user-side issues," Lam told BeInCrypto.

She explained the many ways users can unintentionally share sensitive information with malicious actors.

The Reality of User-Side Vulnerabilities

Trust Wallet's analysis of internal data and incident response investigations shows that user-side issues cause most unauthorized crypto withdrawals.

These issues most often involve a leaked or compromised seed (recovery) phrase, typically through social engineering or unsafe storage, or malicious smart contract approvals granted by the user.

Device-level compromise incidents and other issues, such as SIM-Swap attacks or theft of unlocked devices, also contribute to these unauthorized withdrawals.

"In all these cases, the Trust Wallet application is not compromised—the problem originates from the external environment in which it is being used or from actions taken before installation," Lam detailed.

These exploitation methods are currently among the most common techniques for stealing cryptocurrency from mobile wallets.

User Error vs. Wallet Hack: Where Do Losses Occur Most?

Although Hacken lacks specific internal data on emerging mobile wallet attack trends, Yasmanovych told BeInCrypto that losses caused by user actions are increasingly evident in the incidents the cybersecurity firm investigates.

"What we see in our investigations and tools indicates a much broader issue: most large-scale losses in cryptocurrency today are less related to mobile malware and more about failures in signing processes, interface security, and access control," Yasmanovych noted.

The signing process is the act of authorizing a crypto transaction with a private key. If that key is compromised, an attacker can sign unauthorized transactions directly. Meanwhile, poorly designed user interfaces (UIs) in wallets and dApps can lead users into harmful transactions. One such method is address poisoning, in which attackers create look-alike addresses to intercept funds.

Attackers also deploy fake or malicious dApps designed to steal login credentials or trick users into signing harmful transactions. UI redressing, in which fraudulent overlays trick users into performing unintended actions, is another such technique.

Often, users also unintentionally approve malicious smart contracts.

"That's an important point—malicious approvals can exist before Trust Wallet is installed, especially if users have interacted with Web3 applications using other wallets or browsers," Lam warned.

Once such a scenario occurs, it becomes very difficult to recover the funds.
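The mechanism behind a "malicious approval" is the ERC-20 allowance model: an approve() call moves nothing, but it lets the approved spender pull tokens later with transferFrom() and no further signature from the owner. Because the allowance is on-chain state attached to the key, it survives a change of wallet app, which is why Lam notes it can predate the Trust Wallet installation. The in-memory model below is an added illustration written for this article, not code from Trust Wallet or Hacken; the addresses are placeholders and the token is a toy. It shows the delayed drain, then the defensive counterpart: audit the owner's allowances and revoke the ones that are unlimited or go to an unknown spender.

```python
"""Toy ERC-20 allowance model: why a stale approval drains funds later,
and how an allowance audit plus revoke closes the hole.
Constructed example; the addresses below are placeholders."""

MAX_UINT256 = 2**256 - 1  # the "unlimited" allowance many dApps ask for


class Token:
    """In-memory stand-in for an ERC-20 token (balances + allowances)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        # The owner signs approve(); nothing moves yet, which is why a
        # grant can sit unnoticed for months before it is used.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender, owner, to, amount):
        # The spender pulls tokens from the owner with no new signature,
        # bounded only by the allowance and the owner's balance.
        allowed = self.allowance(owner, spender)
        if amount > allowed:
            raise PermissionError("insufficient allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        if allowed != MAX_UINT256:
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def audit_approvals(token, owner, trusted_spenders):
    """Return approvals worth a look: unlimited, or to an unknown spender."""
    findings = []
    for (o, spender), amount in token.allowances.items():
        if o != owner or amount == 0:
            continue
        reasons = []
        if amount == MAX_UINT256:
            reasons.append("unlimited allowance")
        if spender not in trusted_spenders:
            reasons.append("spender not in trusted list")
        if reasons:
            findings.append((spender, amount, reasons))
    return findings


def revoke(token, owner, spender):
    """Revoking is itself an approve() of zero, signed by the owner."""
    token.approve(owner, spender, 0)


def run_scenario():
    """Approval granted weeks earlier; drain happens with no owner action."""
    victim, drainer = "0xVICTIM", "0xDRAINER"  # placeholder addresses
    token = Token({victim: 1_000})
    token.approve(victim, drainer, MAX_UINT256)  # signed on a phishing dApp
    before = token.balances[victim]
    token.transfer_from(drainer, victim, drainer, before)  # owner asleep
    return {"before": before, "after": token.balances[victim],
            "drainer": token.balances[drainer]}


def run_mitigation():
    """Audit allowances, revoke the risky ones, confirm the pull now fails."""
    victim, drainer, dex = "0xVICTIM", "0xDRAINER", "0xDEX"
    token = Token({victim: 1_000})
    token.approve(victim, drainer, MAX_UINT256)  # unknown spender, unlimited
    token.approve(victim, dex, 500)               # bounded, trusted spender
    findings = audit_approvals(token, victim, trusted_spenders={dex})
    for spender, _, _ in findings:
        revoke(token, victim, spender)
    try:
        token.transfer_from(drainer, victim, drainer, 1)
        drained = True
    except PermissionError:
        drained = False
    return {"flagged": [f[0] for f in findings], "drained": drained,
            "balance": token.balances[victim]}


if __name__ == "__main__":
    print(run_scenario())
    print(run_mitigation())
```

On a real chain the same audit is done by reading Approval events or calling allowance() for each token/spender pair the address has ever approved, and the revoke is a signed approve(spender, 0) sent from the owner's key; the point the model makes is that a bounded allowance to a known contract is ordinary, while an unlimited allowance to an unrecognised spender is the finding to act on.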

Challenges in Fund Recovery

As a non-custodial wallet, Trust Wallet cannot reverse cryptocurrency transactions after a fraud. It does, however, support affected users by performing on-chain analysis to trace stolen funds, providing detailed incident reports to law enforcement, and at times collaborating with forensic firms.

Despite these efforts, the likelihood of recovering funds remains very low.

"Success depends greatly on early action. When money reaches centralized exchanges (CEXs) and users quickly report to law enforcement, there is a non-zero chance of freezing assets. In all fraud-related cases, the success rate of recovery is low, but when centralized points and law enforcement are quickly involved, we have seen money recovered, like a case we supported with around $400,000 being traced," Lam told BeInCrypto.

Therefore, user education remains the most effective way to prevent issues causing these losses.

Key Takeaways: What Preventive and Reactive Steps Are Important?

Trust Wallet has an integrated security scanning tool that warns in real time about threats such as interactions with known fraudulent addresses, fraudulent websites, and suspicious approvals. Sometimes, though, these warnings are not enough.
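One check such a scanner can make, and that a user can apply by hand, targets the address poisoning described earlier: wallets usually display only the first and last few characters of an address, so an attacker's look-alike is hard to tell from a genuine contact when the user copies it from transaction history. The code below is an added example for this article, not Trust Wallet's scanner; it uses constructed placeholder addresses and a constructed address book. It compares the full, case-normalised address against known contacts and a blocklist, flags destinations that match a contact only on prefix and suffix, and screens inbound history for look-alike senders.

```python
"""Look-alike address detection (address poisoning) and blocklist check.
Constructed example; addresses are synthetic, not real accounts."""


def normalize(addr):
    """Validate a 20-byte hex address and return it lower-cased."""
    addr = addr.strip()
    if not addr.startswith("0x") or len(addr) != 42:
        raise ValueError("not a 20-byte hex address: %r" % addr)
    int(addr[2:], 16)  # raises ValueError on non-hex characters
    return addr.lower()


def is_lookalike(candidate, known, prefix=4, suffix=4):
    """True when only the displayed prefix/suffix match, not the whole address."""
    c, k = normalize(candidate), normalize(known)
    if c == k:
        return False
    return c[2:2 + prefix] == k[2:2 + prefix] and c[-suffix:] == k[-suffix:]


def classify_destination(dest, address_book, blocklist, prefix=4, suffix=4):
    """Return ('blocked', None), ('ok', name), ('lookalike', name) or ('unknown', None)."""
    d = normalize(dest)
    if d in {normalize(b) for b in blocklist}:
        return ("blocked", None)
    for name, known in address_book.items():
        if d == normalize(known):
            return ("ok", name)
    for name, known in address_book.items():
        if is_lookalike(d, known, prefix, suffix):
            return ("lookalike", name)
    return ("unknown", None)


def flag_history_lookalikes(history, address_book):
    """Inbound transfers from addresses that mimic a contact; poisoning
    typically seeds history with a tiny transfer from such an address."""
    hits = []
    for sender, amount in history:
        for name, known in address_book.items():
            if is_lookalike(sender, known):
                hits.append((sender, amount, name))
    return hits


# Constructed sample data (synthetic addresses, not real accounts).
KNOWN_EXCHANGE = "0x1234" + "00" * 16 + "abcd"
LOOKALIKE = "0x1234" + "ff" * 16 + "abcd"       # same prefix/suffix only
SCAM = "0xdead" + "00" * 16 + "beef"
ADDRESS_BOOK = {"exchange": KNOWN_EXCHANGE}
BLOCKLIST = [SCAM]
HISTORY = [(LOOKALIKE, 0.001), (KNOWN_EXCHANGE, 250.0)]  # (sender, amount)


if __name__ == "__main__":
    for dest in (KNOWN_EXCHANGE, LOOKALIKE, SCAM):
        print(dest, classify_destination(dest, ADDRESS_BOOK, BLOCKLIST))
    print(flag_history_lookalikes(HISTORY, ADDRESS_BOOK))
```

The check deliberately compares the whole address rather than the visible characters, and treats a prefix/suffix match that is not a full match as a warning rather than silently accepting it; the history screen is the complementary control, since the poisoned entry is what the user will later copy.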

To protect cryptocurrency wallets, Yasmanovych recommends that organizations and individuals implement controls from the Cryptocurrency Security Standard (CCSS) for key management and operational security.

"Clearly define actions when suspecting key compromise, including recovery, fund movement and auditing, [multi-factor authentication] requirements for all wallet system and key processing interface access, using group-based access to prevent any individual from compromising funds, [and] implementing encrypted backups, geographical distribution with clearly defined recovery processes to ensure recoverability without concentrating risks," he explained.

Yasmanovych also emphasized the importance of knowing what to do after these attacks occur.

"If you suspect your cryptocurrency wallet has been compromised, act immediately: Report the incident to law enforcement and contact cryptocurrency forensic experts, track stolen funds by using chain analysis tools to monitor movement and identify related mixers or exchanges, [and] submit requests to exchanges with KYC data to attempt to freeze funds," he added.
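The "track stolen funds" step in that list is a graph walk: starting from the victim's address at the block of the theft, follow outgoing transfers hop by hop until they land on an address with a known label, and the hops that end at a centralized exchange's deposit address are the ones where a freeze request with the exchange's KYC data can be filed. The code below is an added example written for this article, not a Hacken or Trust Wallet tool; the transfer ledger and the labels are constructed placeholders standing in for what a chain-analysis service would return.

```python
"""Forward trace of stolen funds to the first labelled endpoints.
Constructed sample ledger and labels; not real transactions."""
from collections import deque

# Constructed ledger: (block, from, to, amount). Placeholder addresses.
TRANSFERS = [
    (100, "0xVICTIM", "0xTHIEF1", 1000),
    (101, "0xTHIEF1", "0xTHIEF2", 600),
    (101, "0xTHIEF1", "0xMIXER", 400),
    (105, "0xTHIEF2", "0xCEX_DEPOSIT_A", 600),
    (99, "0xOTHER", "0xTHIEF2", 50),  # unrelated inbound before the theft
]

# Constructed label set, the kind of data a chain-analysis provider supplies.
LABELS = {
    "0xCEX_DEPOSIT_A": "cex:ExampleExchange",
    "0xMIXER": "mixer:ExampleMixer",
}


def trace(transfers, start, start_block, labels, max_hops=6):
    """Breadth-first walk of outflows from `start`, beginning at `start_block`.
    Returns one record per labelled endpoint reached, with the path taken."""
    by_sender = {}
    for blk, src, dst, amt in transfers:
        by_sender.setdefault(src, []).append((blk, dst, amt))
    queue = deque([(start, start_block, [start])])
    seen = {start}
    hits = []
    while queue:
        addr, since, path = queue.popleft()
        if len(path) - 1 >= max_hops:
            continue
        for blk, dst, amt in sorted(by_sender.get(addr, [])):
            if blk < since:  # only outflows after the funds arrived here
                continue
            if dst in labels:
                # Labelled endpoints are not expanded: a CEX or mixer
                # is opaque from the outside.
                hits.append({"label": labels[dst], "path": path + [dst],
                             "block": blk, "amount": amt})
                continue
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, blk, path + [dst]))
    return hits


def freeze_requests(hits):
    """Only exchange deposits are actionable; a mixer has nobody to ask."""
    return [h for h in hits if h["label"].startswith("cex:")]


if __name__ == "__main__":
    found = trace(TRANSFERS, "0xVICTIM", 100, LABELS)
    for h in found:
        print(h["label"], " -> ".join(h["path"]), h["amount"])
    print("freeze requests:", [h["path"][-1] for h in freeze_requests(found)])
```

Two details matter in practice and are reflected above: outflows are only followed from the block at which the traced funds arrived, so an address's earlier history does not pollute the path, and labelled endpoints are recorded rather than expanded, since what happens inside an exchange or mixer is not visible on-chain. Speed is the other factor Lam and Yasmanovych both stress: a freeze request is only useful while the funds are still sitting in the exchange account.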

Despite these measures, the reality is that user-side vulnerabilities continue to lead to losses.

Persistent Challenges of User Vulnerabilities in Mobile Wallets

Even with proactive security measures, funds are still lost with worrying frequency, which underlines the persistent challenge of user-side vulnerabilities in mobile wallets.

The path to a safer Web3 requires a balance between robust security protocols and users' proactive preparedness. Therefore, continuous commitment to user education and widespread adoption of these protective measures remains essential to effectively mitigate attacks and establish a safer environment across the industry.
