- Trust Wallet limited losses to one Chrome update and began compensation for affected users.
- A leaked API key allowed attackers to publish malicious code and bypass release checks.
- Most stolen crypto moved through exchanges while investigations and reimbursements continue.
Trust Wallet began a compensation process after detecting malicious code within its Chrome browser extension. The company reported losses near $7 million following unauthorized wallet access.
The incident stayed limited to one software release. A small group of users faced verified losses. Activity followed an extension update released on December twenty four.
Extension Breach and Exposure Window
The breach originated in version 2.68 of the Chrome extension. Trust Wallet published the update on December 24. Soon after, affected users reported drained balances. Investigators linked the issue to embedded malicious code.
Exposure centered on users who logged in before December 26 at 11a.m UTC. Later users did not face risk. Trust Wallet released version 2.69 on December 25. The fix removed the injected code. This was after Revolut and Trust Wallet launched a partnership enabling European users to buy cryptocurrencies directly into self-custody wallets.
Claims process and verification steps
Trust Wallet opened an official claims form through its support portal. Affected users can submit reimbursement requests online. The form requires detailed information for validation. Required details include wallet addresses and transaction hashes.
Users must also provide attacker receiving addresses and country information. Each submission undergoes manual review. The company evaluates claims on a case by case basis. Accuracy and security guide reimbursement decisions.
Asset Losses and Fund Movements
The theft affected bitcoin, ether, BNB, and solana wallets. Analysts estimated losses near $7 million. A large share moved through centralized exchanges. These movements occurred soon after the breach.
Tracked platforms included ChangeNOW, FixedFloat, and KuCoin. About $4 million passed through exchanges. Roughly $2.8 million stayed in attacker wallets. Monitoring continued as funds shifted between addresses.
Cause and Scope
Onchain investigators raised alerts on December 25. Reports followed shortly after the update. Trust Wallet traced the breach to a leaked Chrome Web Store API key. The key enabled unauthorized publication.
The compromised key bypassed internal release controls. Security researchers identified modified analytics code. The code harvested wallet recovery phrases. This allowed silent access to funds.
The company confirmed the issue affected only the Chrome extension. Mobile app users remained unaffected. Other browser versions also stayed secure. The incident increased scrutiny of browser wallet security.
Trust Wallet stated the distribution process received additional review. Controls around extension publishing tightened afterward. The company emphasized continued monitoring of user reports. Efforts focused on limiting further risk.
Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0
PRC Comment Policy
Your comments MUST BE constructive with vivid and clear suggestion relating to the post.
Your comments MUST NOT be less than 5 words.
Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.
Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.
Constructive REPLY to comments is allowed