Trust Wallet has experienced a significant security breach that has led to the theft of more than $6 million. This incident coincided with the release of its latest update, as revealed by on-chain researcher ZachXBT. The breach is associated with the browser extension version 2.68, prompting the platform to issue a warning for users to disable this extension and upgrade to version 2.69 to prevent further issues.
The breach primarily impacted users of the browser extension, while those on mobile devices remained unaffected. Trust Wallet, which has recently integrated native prediction markets into its offerings, has urged users to take immediate action. Binance”s founder and former CEO Changpeng “CZ” Zhao responded quickly, assuring that all affected users would receive compensation for their losses.
The exploit reportedly began shortly after the update on December 24 and continued undetected for several days before ZachXBT raised the alarm. Users were initially instructed to refrain from utilizing the browser extension while they sought to recover their funds via desktop or mobile versions. The vulnerability arose when users entered their private seed phrases into the compromised extension.
According to ZachXBT”s findings, wallets holding Ethereum, Bitcoin, and Solana were among those targeted. The data indicated that hundreds of wallets were affected, and Trust Wallet has committed to compensating the losses incurred. However, it remains unclear whether the exploit compromised the private keys themselves, leading experts to suggest that users might need to create new wallets.
Some of the wallets impacted had small amounts of BTC lost after years of holding, while the exploiter consolidated tokens on the ETH network into several intermediary addresses. Subsequently, these exploiter wallets transferred funds to various exchanges, including ChangeNOW, FixedFloat, and prominent platforms like KuCoin and HTX. Many of the destination wallets have been flagged for suspicious activity, with some containing minimal amounts, while others have accumulated up to $49,000.
In total, the hack”s estimated losses have reached $6.77 million, with approximately $2.35 million still residing in the exploiter”s known addresses after they moved and swapped the stolen funds. The Trust Wallet team continues to investigate how the flawed version of the extension was submitted to the app store under the official wallet brand.
