Several users of the Binance-owned Trust Wallet have been affected by a major security issue involving a recent version of its Chrome extension. Former Binance CEO Changpeng Zhao has confirmed that Trust Wallet will compensate affected users.
Summary
- Trust Wallet confirmed a security incident tied to version 2.68 of its Chrome extension.
- On-chain investigator ZachXBT flagged the issue after multiple users reported unauthorized outflows.
- Former Binance CEO Changpeng Zhao said Trust Wallet will reimburse affected users as the team investigates.
Trust Wallet has acknowledged that a security incident affecting version 2.68 of its browser extension led to user funds being drained without any transaction approvals.
crypto.news reached out to Trust Wallet for comments, but did not hear back by publication time.
On-chain sleuth ZachXBT was the first to warn about the issue on Telegram, where several users were already reporting unauthorized outflows. At the time, the investigator was not yet able to identify the exact nature of the exploit but speculated that it may have been linked to the recent update of the extension.
Based on a list of affected wallet addresses, ZachXBT estimates total losses to be upwards of $6 million from hundreds of users.
Separately, a wallet associated with the exploiters and tracked by Arkham shows that the attackers used several receiving addresses and immediately started moving funds in small amounts across multiple wallets. As of press time, the wallet still held over $2.7 million worth of various cryptocurrencies.
Trust Wallet has not yet published a detailed post-mortem of the breach, but has urged users to immediately upgrade to version 2.69.
“Do NOT open the Trust Wallet Browser Extension on your desktop device to ensure the security of your wallet and prevent further issues,” Trust Wallet said in a subsequent post.
To safely upgrade, users must navigate using the address line “chrome://extensions/?id=egjidjbpglichdcondbcbdnbeeppgdph,” then switch the toggle to Off, click on Developer mode in the upper right corner, and press the Update button.
Once the process is complete, the extension should be re-enabled, and users are advised to verify that the version number reads 2.69 before proceeding.
In the meantime, users have criticized Trust Wallet for not offering a detailed post-mortem of the incident. However, a vast majority of users were more concerned about whether or…they would be compensated. See below.
Trust wallet insider may be involved
Although Trust Wallet has yet to release an official statement detailing compensation procedures, former Binance CEO Changpeng Zhao has confirmed that Trust Wallet will reimburse all affected users.
“So far, $7m affected by this hack. TrustWallet will cover,” Zhao wrote in a recent X post, adding that the “team is still investigating how hackers were able to submit a new version.”
In the replies to the post, many users speculated that the nature of the incident suggests an insider may have been involved.
It is not uncommon for exploiters to infiltrate high-profile crypto firms and gain privileged access. As previously reported by crypto.news, North Korean hackers have increasingly targeted the sector by posing as blockchain developers and IT workers.
