Trust Wallet Chrome Extension Hacked: $7 Million Stolen, Full Refunds Promised
Trust Wallet's Chrome extension version 2.68 was compromised on December 25 through a supply-chain attack, resulting in approximately $7 million in stolen cryptocurrency funds. The malicious code targeted users importing seed phrases and operated silently without visible warnings. Trust Wallet has released a patched version 2.69 and committed to fully refunding all affected users, with Binance founder Changpeng Zhao confirming the reimbursement promise while investigations continue.

A Christmas Day security breach at Trust Wallet, the cryptocurrency wallet owned by Binance, has resulted in approximately $7 million in stolen funds from users of its Chrome browser extension. The attack, which occurred on December 25, was executed through a supply-chain compromise that injected malicious code into the extension's JavaScript files.
Attack Details and Impact
The security incident specifically targeted version 2.68 of Trust Wallet's Chrome extension through sophisticated malicious code disguised as routine analytics functionality. When users imported their recovery seed phrases into the compromised extension, the malicious code activated and transmitted sensitive wallet data to an attacker-controlled domain.
| Attack Parameter | Details |
|---|---|
| Affected Version | Chrome Extension v2.68 |
| Attack Date | December 25 |
| Total Impact | Approximately $7 million |
| Attack Method | Supply-chain compromise |
| Scope | Chrome extension only |
The exploit operated silently in the background without displaying any visible warning indicators to users. Trust Wallet confirmed that the vulnerability was limited exclusively to the Chrome browser extension and did not affect mobile applications or underlying blockchain networks.
Company Response and Remediation
Trust Wallet responded swiftly to the incident by releasing a patched version 2.69 and advising users to immediately disable the affected version. In a statement posted on social media platform X on December 26, the company wrote: "We've identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69."
The company has committed to fully refunding all affected users, stating: "We've confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded. Supporting affected users is our top priority, and we are actively finalizing the process to refund the impacted users."
Leadership Commitment
Binance founder Changpeng Zhao reinforced the refund commitment, assuring users that affected funds would be covered. He stated: "So far, $7 million has been affected by this hack. Trust Wallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. The team is still investigating how hackers were able to submit a new version."
User Action Steps
Trust Wallet has provided specific instructions for users of the compromised extension version:
- Step 1: Do not open Trust Wallet Browser Extension v2.68 on desktop devices
- Step 2: Navigate to Chrome Extensions panel using: chrome://extensions/?id=egjidjbpglichdcondbcbdnbeeppgdph
- Step 3: Turn off the Trust Wallet toggle if still enabled
- Step 4: Click 'Developer mode' in the upper right corner
- Step 5: Press the 'Update' button in the upper left corner
- Step 6: Verify the version number shows 2.69, which is the secure version
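The version check in Step 6 can also be done from disk across every Chrome profile on a machine. The script below is an added example, not Trust Wallet's tooling. It assumes Chrome's usual layout of `<user data dir>/<profile>/Extensions/<id>/<version>_<n>/manifest.json`, and the function names and the sample tree built by `demo()` are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

EXT_ID = "egjidjbpglichdcondbcbdnbeeppgdph"  # ID from the chrome://extensions URL in Step 2
BAD = (2, 68)    # compromised release named in the advisory
FIXED = (2, 69)  # patched release named in the advisory

def parse_version(text):
    """Turn '2.68.0' into (2, 68, 0); non-numeric parts become 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in str(text).split("."))

def audit_user_data_dir(user_data_dir):
    """Return [(profile, version, status)] for every on-disk copy of EXT_ID."""
    findings = []
    pattern = f"*/Extensions/{EXT_ID}/*/manifest.json"
    for manifest in sorted(Path(user_data_dir).glob(pattern)):
        profile = manifest.parents[3].name  # <profile>/Extensions/<id>/<ver>/manifest.json
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
        except (OSError, ValueError, KeyError, TypeError):
            # Damaged or unexpected manifest: report it rather than skip silently.
            findings.append((profile, manifest.parent.name, "UNREADABLE"))
            continue
        major_minor = parse_version(version)[:2]
        if major_minor == BAD:
            status = "COMPROMISED"
        elif major_minor >= FIXED:
            status = "OK"
        else:
            status = "OLDER"  # predates 2.68; the advisory names 2.68 only
        findings.append((profile, version, status))
    return findings

def demo():
    """Audit a constructed two-profile tree (sample data, not a real install)."""
    with tempfile.TemporaryDirectory() as root:
        for profile, version in (("Default", "2.68"), ("Profile 1", "2.69")):
            d = Path(root, profile, "Extensions", EXT_ID, version + "_0")
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"version": version}))
        return audit_user_data_dir(root)

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

To audit a real machine, pass the Chrome user data directory to `audit_user_data_dir`, for example `~/.config/google-chrome` on Linux, `~/Library/Application Support/Google/Chrome` on macOS, or `%LOCALAPPDATA%\Google\Chrome\User Data` on Windows. Each version directory is reported separately, so a profile that still holds a 2.68 directory next to 2.69 shows up in the output.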
The incident highlights the ongoing security challenges facing cryptocurrency wallet providers and the importance of rapid response protocols when breaches occur. Trust Wallet's commitment to full user reimbursement demonstrates the company's focus on maintaining user confidence despite the security compromise.


























