TLDR
- Trust Wallet’s Chrome extension version 2.68 caused unauthorized withdrawals.
- Over $6 million drained from affected wallets after the incident.
- Trust Wallet urges users to disable and upgrade to version 2.69.
- The vulnerability does not affect Trust Wallet’s mobile app or other extensions.
Trust Wallet, one of the leading cryptocurrency wallets, has confirmed a critical security incident affecting its Chrome browser extension. The vulnerability, identified in version 2.68, led to unauthorized withdrawals from users’ wallets, with troubling reports emerging as early as December 25, coinciding with the Christmas holiday. On-chain analyst ZachXBT uncovered that by the time the issue was acknowledged publicly, over $6 million had been siphoned from affected accounts.
In light of the security breach, Binance’s CEO, known as CZ, communicated via social media about the incident, estimating the total losses to be around $7 million. Trust Wallet has reassured users, stating that those impacted will be reimbursed and emphasizing the need for immediate action to curb further losses.
In their response, Trust Wallet confirmed that only the Chrome extension version 2.68 had been compromised. Users were quickly advised to disable this extension and upgrade to version 2.69 to secure their assets. The company also stated that other platforms, including its mobile app and different extensions, remained unaffected by this exploit.
Trust Wallet Investigates Root Cause of the Exploit
While Trust Wallet has not yet pinpointed the exact cause of the vulnerability, the team is actively investigating the situation. They acknowledged the severity of the incident and assured users that efforts are underway to uncover the technical details behind the exploit. Initial findings suggest that many users reported suspicious activity shortly after the extension was updated on December 24.
As ZachXBT highlighted, the unauthorized withdrawals began after the update, prompting Trust Wallet to act. Once the exploitation was discovered, measures were enacted to prevent any further compromise.
Affected Users and Immediate Actions
Reports from affected users detail losses of over $6 million extracted from wallets, primarily those using that specific version of the Chrome extension. Trust Wallet’s measures included confirming the vulnerability and giving users the steps needed to secure their funds, starting with disabling the compromised extension immediately.
The company also reassured its community that its mobile application and other extension versions were safe, reinforcing the importance of keeping software updated to guard against future threats. Trust Wallet’s rapid response sought to mitigate further risk as investigations into the incident continue.
The Future of Trust Wallet and Extension Security
Although Trust Wallet’s mobile application was unharmed, this incident raises pressing questions about the security of browser-based wallets. Ongoing vigilance in monitoring for potential exploits remains paramount, as vulnerabilities in widely used software can have significant repercussions.
Trust Wallet has committed to closely monitoring the situation, promising users further updates as more information becomes available. The team is calling on users to stay engaged through official communication channels while the incident is resolved. Trust Wallet also plans to enhance its security measures to prevent similar issues from arising in the future.
