In a significant security breach, Trust Wallet has confirmed that a vulnerability in its browser extension has resulted in losses exceeding $6 million for users. This incident has raised urgent security concerns and prompted the company to issue immediate updates to protect its users.
The breach specifically affects version 2.68 of the Trust Wallet browser extension. Users began reporting sudden and unauthorized withdrawals from their wallets, which caught the attention of both the community and blockchain investigators. The security flaw was first highlighted by on-chain investigator ZachXBT, who alerted users on Telegram regarding the rapid loss of funds.
Following these reports, Trust Wallet quickly identified the compromised version and advised users to disable it immediately, recommending an upgrade to version 2.69 to ensure their assets” safety. The company has stated that mobile users remain unaffected by this incident, as the mobile application did not experience any vulnerabilities.
According to estimates provided by ZachXBT, the hackers exploited the vulnerability to steal over $6 million, affecting hundreds of users. The stolen funds were reportedly laundered through flash loans, with approximately $4 million transferred to centralized exchanges, complicating recovery efforts.
In response to the breach, Trust Wallet has issued a series of security recommendations. Users are urged to update their extension software to benefit from the latest security enhancements. Additionally, migrating assets to the mobile app is encouraged, as it offers biometric authentication that can help mitigate security risks.
Users are also advised to regularly monitor their wallet transactions to detect any unauthorized activity early. Trust Wallet has committed to investigating the incident further and will provide updates as more information becomes available.
This breach is particularly concerning as it follows a prior incident in November 2022, when Trust Wallet faced a WebAssembly vulnerability that resulted in losses of nearly $170,000. While the company compensated affected users at that time, the current situation presents a much larger challenge, leaving reimbursement expectations uncertain for the latest victims.
The ongoing incident underscores the persistent security challenges in browser-based wallets, highlighting the necessity for users to implement timely updates and maintain vigilance regarding their digital assets. As the cryptocurrency landscape evolves, the sophistication of attacks continues to rise, emphasizing the importance of robust security practices.
