Download Trust Wallet

BEP2 Migration Incident: Update and Recommended Actions

Published on: Mar 28, 2024
Share post
In Brief

Information on the resolved BEP2 to BEP20 migration issue in the Trust Wallet browser extension. Details on what happened, the fix, and info for affected users.

BEP2 Migration Incident: Update and Recommended Actions

Latest Update for April 8, 2024

Please note that all reimbursement payments have been completed.


On March 16, 2024, our team was alerted via our community that the Trust Wallet browser extension BEP2 to BEP20 migration feature was not functioning as expected. In keeping things transparent with our community, this article outlines the facts of this incident including:

Important: It’s critical to note that this issue only affected one feature of the Trust Wallet browser extension for a very brief period of time, not impacting any other features. Additionally, this issue did not affect the Trust Wallet mobile app in any way. Both the mobile app and browser extension remain safe to use.

What Happened

The BNB Chain team had previously announced the sunsetting of the BNB Beacon Chain (BEP2). As such, they recommended users to migrate their BEP2 assets to the BNB Smart Chain (BEP20) to avoid asset loss. In line with our principles of making Web3 easier for millions of people, we decided to build a new tool for the Trust Wallet browser extension—making this migration process more seamless.

The migration feature, originally added in version 2.7.0 of the browser extension, functioned normally as expected until the release of version 2.9.0. However, the update to version 2.9.0 included modifications to the existing logic that introduced a bug to the migration feature. The bug, which persisted in extension version 2.9.1, caused migrated assets to be redirected to an incorrect address, not associated with the user's wallet, leading to a loss of funds for a very small number of our users.

It’s worth mentioning that this bug was quickly reported by our community members through our bug bounty program. We appreciate the quick flag.

Note: For clarity, Trust Wallet mobile apps are not affected at all. The extension bug was not the result of a security issue, nor the result of a malicious actor. Also, the only versions of the browser extension affected by this issue were, 2.9.0 and 2.9.1. No other versions of the browser extension experienced this issue.

Based on the bug reports, our team swiftly fixed the issue, released in extension version 2.9.2—so any following versions including the recently released 2.9.3 also include the fix and are safe to use.

How we fixed the issue

Upon receiving reports, our team investigated and did the following to quickly mitigate and patch the issue:

To ensure you have a fixed version of the extension, we recommend you either completely quit and restart your browser, or update your browser. By default, your browser keeps Chrome extensions up to date, so all users should have an updated fixed version of the Trust Wallet extension—however restarting or updating the browser helps to ensure you receive the update.

The latest version of the Trust Wallet browser extension is safe and secure to use. The Trust Wallet mobile app was not affected by the bug, and remains safe and secure to use.

The sections below outline who is not affected, who may be, and important information for those who lost funds due to the bug.




Latest update for April 8, 2024: Please note that all reimbursement payments have been completed.

If you are an affected user, any lost BEP2 assets caused by the bug in the extension version 2.9.0 or 2.9.1 will be automatically reimbursed to your wallet address by mid April, 2024. The reimbursement will be sent to the same wallet address you initiated the migration from using browser extension version 2.9.0 or 2.9.1, and where funds were lost. We decided to directly reimburse the funds to your BEP2 address, as it’s the fastest way to get your assets back to you and requires least effort from you. For clarity, there are no actions required for reimbursement if you are an affected user—as the assets will automatically be sent back to your wallet address.

Note: We plan to re-introduce the migration feature in the extension in early April. If you wish to migrate your BEP2 assets to the BNB Smart Chain (BEP20) before the migration feature is available in the extension again, you can use the instructions in this guide—which outlines how to use the Trust Wallet mobile app for the migration.

Frequently Asked Questions (FAQ)

Is it safe to use the Browser Extension?

Yes, it is safe to use. We’ve implemented a fix to the browser extension, and the updated extension was released. Version 2.9.2, 2.9.3, and greater, all include this fix. Additionally, no other features of the browser extension were impacted by the previous issue, and the Trust Wallet mobile app was also not affected in any way.

How do I update my browser extension to a fixed version?

By default, your browser keeps chrome extensions up to date. The migration issue was fixed in extension version 2.9.2. So as long as you’re using 2.9.2, 2.9.3, or greater, you’re using the fixed updated version. If you want to ensure you have extension version 2.9.2 or greater, follow these steps to confirm your version number:

If you notice you do not yet have one of the updated versions, you can try either quitting your browser completely and reopening it, or updating the browser.

Was Trust Wallet compromised by a malicious actor?

No, Trust Wallet was neither hacked, nor affected by a malicious actor. The previous bug was not the result of a security issue. As highlighted, during updates to version 2.9.0, a bug was inadvertently introduced that affected just only the migration feature of the Trust Wallet browser extension. This was quickly identified and fixed. The Trust Wallet mobile app was not affected in any way by this issue. And both the Trust Wallet browser extension and mobile remain safe and secure to use.

For affected users, will assets be reimbursed as the original BEP2 asset?

In the vast majority of cases, yes, the original asset that was lost will be reimbursed as the same asset. The only exception is for the ShareToken (SHR) BEP2 token. In the case of lost SHR, users will rather be reimbursed an equivalent value in USDT.

What should I do if I want to safely migrate my BEP2 assets to BEP20?

For Trust Wallet users who wish to migrate their assets you can do the following:

How will you ensure this issue doesn’t happen again?

That said, we take full ownership of this situation and appreciate your patience while any affected users are reimbursed. To help prevent situations like this from arising again, we will of course continue to utilize our bug bounty program in addition to implementing even more comprehensive testing procedures to ensure the robustness of our updates before they are deployed.

The issue, which only affected the migration feature of the browser extension for a brief period of time, has been resolved. It's an inherent part of technology development that, despite best efforts, bugs can emerge. This is why we, like many reputable organizations in the Web3 space and beyond, employ a bug bounty program. Learn more about the bug bounty program.


Join the Trust Wallet community on Telegram Follow us on X (formerly Twitter) Instagram Facebook Reddit

Note: Any cited numbers, figures, or illustrations are reported at the time of writing, and are subject to change.

Simple and convenient
to use, seamless to explore

Download Trust Wallet