A Trust Wallet browser extension update led to a security breach involving approximately $7 million in losses.
The issue was linked to build 2.68, released on December 25. Only users who had this version on desktop systems were affected, while those using the official mobile application or other plugin versions were not impacted.
After discovering the issue, the development team instructed users to uninstall the vulnerable build and switch to version 2.69 available on the Chrome Web Store.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
What is Ethereum Classic & ETC Coin? (Animated Explainer)
Trust Wallet addressed the breach and will fully cover losses for impacted users. The announcement assured the community that user wallets are considered safe, despite the vulnerability exposed by the browser extension.
According to SlowMist, the browser plugin was compromised with a backdoor. Data was sent to a server under the attacker’s control.
Their findings suggested the rogue code might have been introduced on December 8, with the actual backdoor activating around December 22. The theft of funds began on December 25.
Blockchain adviser Anndy Lian described the breach as unlikely to be a random occurrence. He said:
This kind of ‘hack’ is not natural. The chances of an insider are high.
Changpeng Zhao, co-founder of Binance
$6.97B
and owner of Trust Wallet, agreed that the incident appeared to be the result of someone within the organization.
Recently, Binance co-CEO Yi He’s WeChat was hacked after her old phone number was reassigned, which led to fake token promotions. How? Read the full story.
