A significant security breach targeted the Binance-owned Trust Wallet on Thursday, December 25, resulting in losses exceeding $7 million as funds were siphoned from user wallets. The incident specifically impacted a compromised version of the platform's browser extension.
Who is Affected by the Trust Wallet Security Incident?
In a detailed social media post on Saturday, Trust Wallet CEO Eowyn Chen clarified the scope of the attack. The investigation confirms that the breach only impacts users who opened and logged into the Browser Extension version 2.68 before 26 December, 11:00 UTC.
Chen said that the incident does not affect mobile app users, users of other browser extension versions, or those who used extension v2.68 but only opened and logged in after 26 December, 11:00 UTC. All of these users' accounts, data, and assets remain secure.
How Did the Hack Happen and What is Being Done?
The attack was caused by hidden malicious code disguised as an analytics feature within version 2.68 of the Chrome browser extension, which was released on December 24. Users who installed this version and imported their seed phrases inadvertently granted attackers access, allowing them to restore wallets elsewhere and drain the funds.
To contain the damage, Trust Wallet has taken immediate steps. The malicious domain has been reported to the registrar, NiceNIC, and suspended. All release APIs have been expired, preventing new releases for two weeks. The platform has also begun collecting victim tickets and processing reimbursements.
Ongoing Investigation and Root Cause Analysis
CEO Chen stated that the malicious extension was likely not released through the platform's internal manual process. A leading hypothesis is that the hacker used a leaked Chrome Web Store API key to submit the malicious update, which then bypassed standard checks and passed Chrome's review. Internal forensic analysis is ongoing, and the team is awaiting additional logs from Google.
In an official statement, Binance founder Changpeng Zhao (CZ) assured the community that Trust Wallet will fully reimburse all affected users. He also mentioned the team is investigating how the malicious update was submitted, hinting at the possibility of insider involvement.
The company continues to work on the investigation while taking all necessary measures to protect its users and prevent future incidents of this nature.