Trust Wallet Browser Extension Compromised, Drains Over $6M in User Funds
A recent security breach has been reported by Trust Wallet, a multi-chain crypto wallet provider, resulting in estimated initial losses of over $6 million. The incident was first identified by blockchain security expert ZachXBT, who detected unauthorized fund outflows among several Trust Wallet users. Notably, all affected users had one thing in common: they had installed the new Trust Wallet extension before the theft.
Incident Details and Response
Trust Wallet confirmed the security incident, stating that it affects only the Trust Wallet Browser Extension version 2.68. The company advised users with the 2.68 browser extension to disable it and update to version 2.69. The official link to the Chrome web store can be found on Trust Wallet’s social media announcement. According to ZachXBT, the number of victims has risen to hundreds, with over $6 million in funds diverted in SOL, BTC, and EVM tokens.
Source: Arkham
User Reports and Investigation
Several Trust Wallet users reported losing funds, with one user claiming to have lost over $300,000 after returning from Christmas. The transactions took place within a 4-minute window. However, ZachXBT flagged the user’s social media account as suspicious. Users reported that multiple blockchains, including EVM-compatible networks, Bitcoin, and Solana, were affected.
What Happened
Trust Wallet released a new browser extension update, which users installed through the usual update process. Initially, the extension appeared legitimate, but hackers masked the code address, extracted users’ seed phrases, and drained wallets. Importing a seed phrase into the extension reportedly caused an immediate wallet drain. Browser extensions can pose a significant security risk if misused, as they can access websites, cookies, storage, and browsing activity without triggering traditional endpoint defenses.
Trust Wallet noted that mobile-only users and other browser extension versions were not affected by the breach. The company assured users that their team is actively working on the matter and will continue to share updates as quickly as possible. Customer support is already in contact with affected users regarding next steps. For more information, visit the source link.
