Trust Wallet Hit by Malicious Update, $7M Stolen — What Happened and What Users Should Do Now
Summary
On Christmas night, hundreds of Trust Wallet users lost an estimated $6–7 million after a malicious update (version 2.68) to the wallet's Chrome extension was deployed. The breach was identified as a supply-chain attack in which malicious code was slipped into the extension's JavaScript files. The code was designed to steal private keys when users imported their recovery phrases. Only the Chrome extension was affected; mobile apps were not. Trust Wallet quickly released a patched version (2.69) and urged affected users to disable version 2.68 immediately, treat the old wallet as compromised, and move any funds to a new wallet. Binance founder Changpeng Zhao confirmed that Binance will fully reimburse all affected users through its SAFU fund. The incident highlights the inherent risks associated with browser-based wallets and software updates in the crypto space.
(Source: CCN)