Hidden script caught harvesting private keys as Trust Wallet issues emergency warning for Chrome users
Trust Wallet issued an emergency warning for Chrome users to update its extension after a hidden script in version 2.68 harvested private keys, causing millions in losses.Summary
Trust Wallet urgently advised users to disable Chrome extension version 2.68 and upgrade to 2.69 following reports of wallet drains linked to the earlier update. Researchers found suspicious logic in the 2.68 JavaScript bundle, potentially transmitting wallet secrets to an external host, with initial loss estimates ranging from $6 million to over $7 million across multiple chains. The primary risk targeted users who imported or entered a seed phrase after installing the compromised version. While upgrading to 2.69 removes the malicious behavior going forward, it does not automatically secure assets already exposed; affected users must move funds to new addresses derived from a new seed phrase and revoke token approvals. Trust Wallet later confirmed approximately $7 million was impacted and stated it will refund all affected users, cautioning against impersonating scammers during remediation.
(Source:CryptoSlate)