Trust Wallet Browser Extension Hack Affects Over 500 Users, $6M In Funds Targeted, Full Reimbursement Assured
In Brief
Trust Wallet’s browser extension was compromised in a suspected supply chain attack during the Christmas, resulting in over $6 million in unauthorized withdrawals from more than 500 users.
Cryptocurrency wallet provider Trust Wallet reported a security incident affecting version 2.68 of its browser extension, with onchain researcher ZachXBT estimating initial losses exceeding $6 million.
The incident was first reported when ZachXBT issued a community alert on Telegram on Thursday, indicating that several application users had experienced unauthorized withdrawals from their wallet addresses within a brief timeframe.
Preliminary analysis indicates a possible supply chain attack, in which malicious code may have been inserted into the extension, potentially sending users’ seed phrases to a fraudulent site when the wallet was unlocked, according to cybersecurity company Slowmist.
Blockchain analytics platform Lookonchain reported that the attacker has transferred approximately $4.25 million to platforms including ChangeNOW, FixedFloat, KuCoin, and HTX.
The Trust Wallet team confirmed that the issue is limited to Browser Extension version 2.68. Users of this version are advised to disable it and upgrade to version 2.69. Mobile users and other browser extension versions were not affected. The team emphasized that they are actively addressing the situation and will provide updates as they become available.
In order to ensure security, users who have not yet updated to version 2.69 are advised not to open the vulnerable browser extension. The provider released a step-by-step guide to update safely: users should avoid opening the extension, navigate to the Chrome Extensions panel using the official extension URL, switch off the extension if it is on, enable Developer Mode, press the “Update” button, and verify that the version number is 2.69, the latest secure version.
Over 500 Users Impacted By Browser Extension Hack, Funds To Be Fully Covered
The hack occurred unexpectedly during the Christmas holiday, when many users were unprepared. Reports indicated that users received notifications of transactions they did not initiate and wallets they had not approved. Over 500 individuals were affected, with losses ranging from $50,000 to $800,000, all involving the Trust Wallet browser extension within a 24-hour period.
Onchain researcher ZachXBT noted that numerous concerned users had reached out via direct messages seeking clarification about potential compensation for affected users. In response, the Trust Wallet team stated that their Customer Support is already contacting impacted users with guidance on next steps and advised others to reach out to support for assistance.
Cryptocurrency exchange Binance founder Changpeng Zhao who is also an owner of Trust Wallet, confirmed that user funds would be fully covered.
He expressed appreciation for users’ understanding regarding any inconvenience caused. The Trust Wallet team continues to investigate how the compromised version was submitted.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
