Trust Wallet Browser Extension Compromised, Drains Over $6M User Funds
- Multi-chain crypto wallet provider Trust Wallet has confirmed a security breach on Thursday, with estimated initial losses exceeding $6 million.
- Blockchain security expert ZachXBT flagged the incident after multiple Trust Wallet users experienced unauthorized fund outflows.
- All victims have one thing in common – they installed the new Trust Wallet extension before the theft.
- “We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only,” the crypto wallet wrote on X.
What Happened
“Users with Browser Extension 2.68 should disable and upgrade to 2.69.”
Besides, Arkham data shows that exploiters made use of several receiving addresses, moving funds across various wallets.
At first, the extension appeared legit, however, hackers masqueraded the code address, extracting users’ seed phrases and draining wallets.
Recently, several reports have surfaced with high-profile extension-related wallet threats. Per HackerNews, more than 40 fake crypto wallet extensions were stealing users’ keys and IPs early this year.
Market Context
Multi-chain crypto wallet provider Trust Wallet has confirmed a security breach on Thursday, with estimated initial losses exceeding $6 million.
Blockchain security expert ZachXBT flagged the incident after multiple Trust Wallet users experienced unauthorized fund outflows. All victims have one thing in common – they installed the new Trust Wallet extension before the theft.
Why It Matters
Trust Wallet noted that mobile-only users and other browser extension versions were not impacted by the breach.
Further, in a latest update, the wallet said that the customer support is already in touch with impacted users regarding next steps.
Details
“We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only,” the crypto wallet wrote on X.
Following the initial report, ZachXBT noted that the number of victims has risen to the hundreds, with funds over $6 million siphoned in SOL, BTC and EVM tokens.
Trust Wallet Users Report Losing Funds
Several Trust Wallet users reported that funds were drained from their wallet addresses within a short time frame on Christmas.
One user took to X, reporting the loss of over $300,000 after coming back from Christmas. “Everything I’ve been building for. Stolen on Christmas Day.” The transactions took place within a 4-minute window, the user added.
Users reported that multiple blockchains, including EVM-compatible networks, Bitcoin, and Solana, were affected.
What Happened
Trust Wallet released a new browser extension update on Wednesday, which users installed through the usual update process.
“Reports indicate that importing a seed phrase into the extension can result in immediate wallet draining,” wrote one user.
Browser extensions operate with elevated access to web pages, cookies, storage, and browsing activity. When abused, they provide a near-perfect avenue for credential theft – without triggering traditional endpoint defences.
“We understand how concerning this is, and our team is actively working on the issue. We’ll keep sharing updates as soon as possible,” the team wrote on X.
The post Trust Wallet Browser Extension Compromised, Drains Over $6M User Funds appeared first on Cryptonews.