Trust Wallet Hack: Extension Flaw Leads to More than $6 Million in Holiday Drains

Key Takeaways

A critical vulnerability in Trust Wallet’s browser extension (version 2.68) led to a Trust Wallet Hack draining over $6 million.
The company has urged users to immediately disable the affected extension and upgrade to the patched version 2.69.
Binance founder Changpeng “CZ” Zhao stated that Trust Wallet will cover the losses, assuring users “funds are SAFU.”

A Costly Vulnerability Exposed

The Binance property wallet has confirmed a major security breach. The Trust Wallet Hack exploited a vulnerability in version 2.68 of its Chrome browser extension. This incident, which came to light on Christmas Day, saw attackers drain at least $6 million from hundreds of user wallets, according to on-chain investigator ZachXBT.

Trust Wallet Hack: Extension Flaw Leads to More than $6 Million in Holiday Drains: The popular crypto wallet confirms a critical vulnerability in its browser extension, with founder CZ pledging to cover user losses from the security breach. — *ZachXBT’s Telegram post about the Trust Wallet Hack.*

A fake “update” was made available through the official Chrome Web Store, which allowed the stealing of funds, and suggests that there is a malware vulnerability in the wallet’s software release process. Trust Wallet has provided another update (Version 2.69) of the extension and encourages all users to upgrade their extensions.

Read also: Cybersecurity Company Kaspersky Warns Gamers and Crypto Users about Stealka!

Response and Repercussions

In response to the Trust Wallet Hack, Binance founder and Trust Wallet owner Changpeng Zhao stated the company’s treasury would cover affected user losses, coining the familiar assurance that “user funds are SAFU” (an acronym for Secure Asset Fund for Users).

Although the mobile and other extension versions were unaffected, the euphoria and confidence in what is still arguably one of the most popular non-custodial wallets in crypto has been shaken. There is speculation among Security Experts that the Trust Wallet Hack may be an example of either an “insider threat” that gave access to a compromised Administrative Account or may demonstrate and exploit a complex Supply Chain Attack.

Read also: DJT Stock Reverses Gains after 51% Surge-What Went Wrong?

Browser Extension Risks Are Front and Center in this Attack

The Trust Wallet hack is another strong reminder of the risks that the use of browser extensions is subject to because they have high-level permissions and are popular attack vectors for cybercriminals.

Victims of the Trust Wallet hack may have their losses offset by the promise of reimbursement, but the incident serves as proof and a reminder of the continued risks to securing the crypto supply chain due to the breadth and complexity of the software used. Therefore, crypto users must remain vigilant (always) about keeping their software up to date and prefer hardware-based solutions for protecting their crypto assets.

FAQs

Which Trust Wallet version was hacked?

The exploit specifically targeted Trust Wallet Browser Extension version 2.68. The company has released a patched version 2.69 and urges all users to upgrade immediately.

Were mobile app users affected?

No. Trust Wallet has confirmed that the vulnerability was isolated to the browser extension. Users of the Trust Wallet mobile app and other extension versions were not impacted.

Will users get their stolen funds back?

Yes. Changpeng “CZ” Zhao, the founder of Binance, which owns Trust Wallet, has publicly stated that “Trust Wallet will cover” the losses, estimating the total affected amount at around $7 million.