This "Milk Sad" was apparently discovered by the guys at Ledger (they make a hardware wallet, but one that can also be used as a U2F device for, say, SSH logins).
These guys are good. Their CTO (or ex-CTO?) was part of the original FIDO Alliance that came up with the U2F spec.
We found the flaw in bx before ever knowing the Trust Wallet flaw existed. We are not the Ledger team, but their writeup on their very similar finding was fantastic, so we reference it prominently.