Trust Wallet Browser Extension Hack Affects Over 500 Users, $6M In Funds Targeted, Full Reimbursement Assured
In Brief
Trust Wallet’s browser extension was compromised in a suspected supply chain attack during the Christmas, resulting in over $6 million in unauthorized withdrawals from more than 500 users.
Cryptocurrency wallet provider Trust Wallet reported a security incident affecting version 2.68 of its browser extension, while onchain researcher ZachXBT estimated initial losses exceeding $6 million.
The incident was first reported when ZachXBT issued a community alert on messaging platform Telegram on Thursday, indicating that several application users had experienced unauthorized withdrawals from their wallet addresses within a brief timeframe.
Preliminary analysis indicates a possible supply chain attack, in which malicious code may have been inserted into the extension, potentially sending users’ seed phrases to a fraudulent site when the wallet was unlocked, according to cybersecurity company Slowmist.
Blockchain analytics platform Lookonchain reported that the attacker has transferred approximately $4.25 million to platforms including ChangeNOW, FixedFloat, KuCoin, and HTX.
The Trust Wallet team further revealed that the issue is limited to Browser Extension version 2.68. Users of this version are advised to disable it and upgrade to version 2.69. Meanwhile, mobile users and other browser extension versions were not affected. The team emphasized that they are addressing the situation and will provide updates as they become available.
In order to ensure security, users who have not yet updated to version 2.69 are advised not to open the vulnerable browser extension. Trust Wallet also released a step-by-step guide to update safely: users should navigate to the Chrome Extensions panel using the official extension URL, switch off the previous extension if it is on, enable Developer Mode, press the “Update” button, and verify that the version number is 2.69, the latest secure version.
Over 500 Users Impacted By Browser Extension Hack, Funds To Be Fully Covered
The hack occurred unexpectedly during the Christmas holiday, when many were unprepared. Reports indicated that users received notifications of transactions they did not initiate and wallets they had not approved. Over 500 individuals were affected, with losses ranging from $50,000 to $800,000, all involving the wallet’s Chrome extension within a 24-hour period.
ZachXBT noted that numerous affected users had reached out via direct messages expressing concerns and seeking clarification about potential compensation. In response, the project’s team stated that their Customer Support is already contacting those, who were impacted with guidance on next steps and advised others to consult with support for assistance.
Notably, founder of cryptocurrency exchange , Changpeng Zhao, who is also an owner of Trust Wallet, has already confirmed in a post on X that user funds would be fully covered.
He expressed appreciation for victims’ understanding regarding inconveniences caused. The Trust Wallet team continues to investigate how the compromised version was submitted.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
