Trust Wallet has confirmed a security breach affecting its browser extension, following reports from several users of unauthorized transactions that drained their funds. The incident, first flagged by on-chain sleuth ZachXBT, is estimated to have resulted in initial losses of over $6 million.
Incident Details
The issue came to light following an alert issued by ZachXBT on Telegram, where he warned that Trust Wallet users had experienced funds being stolen from their wallet addresses over a brief period. The reports coincided with a recent update to the Trust Wallet Chrome browser extension, version 2.68. ZachXBT’s analysis of the theft addresses indicated that the attacker had stolen funds from hundreds of users, totaling more than $6 million.
In response, Trust Wallet confirmed the security incident in a post on X (formerly Twitter) on Thursday. The company acknowledged that the breach was tied to Trust Wallet Browser Extension version 2.68 and urged users to upgrade to version 2.69 to protect their assets immediately.
Actions Taken by Trust Wallet
Trust Wallet issued a clear warning for users still on Browser Extension version 2.68, advising them to disable it and upgrade to version 2.69 as soon as possible. The company clarified that only users of the affected browser extension were impacted, while mobile-only users and other browser extension versions remain unaffected.
Trust Wallet also recommended that users who have not yet updated to version 2.69 avoid using the browser extension until the update is complete, to prevent further issues. The company assured users that its team was actively working to address the situation and would continue to provide updates.
Binance Founder’s Statement
Changpeng Zhao, founder of Binance and owner of Trust Wallet, reassured users on X, stating that Trust Wallet would cover the losses incurred by the hack. Zhao also confirmed that user funds remained safe, adding, “So far, $7m affected by this hack. Trust Wallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused.”
Broader Context
This security breach highlights the growing concerns around cryptocurrency theft, as high-profile exploits and phishing attacks continue to rise. According to estimates from Chainalysis, cryptocurrency theft reached over $3.41 billion from January through early December, an increase from $3.38 billion in 2022.
