Trust Wallet Starts Compensation After Chrome Extension Breach

Crypto wallet provider Trust Wallet has started a compensation process after a security problem affected its Chrome browser extension. 

The problem came from a compromised update that allowed attackers to access some user wallets. This caused losses for a small number of users and raised new concerns about browser wallet security.

Faulty Chrome Update Led to Trust Wallet Security Breach

Trust Wallet said the security problem started with version 2.68 of its Chrome extension, which was released on December 24. Users who installed this update experienced unauthorized access to their wallets shortly afterward. 

The incident became public after on-chain investigator ZachXBT issued alerts on Christmas Day. Users soon reported drained balances after installing the compromised update.

Security firm SlowMist confirmed that the injected code harvested wallet recovery phrases through a modified analytics library. This allowed attackers to gain control of affected wallets. 

Meanwhile, this is not the first time the Trust Wallet system has been compromised. In 2023, the wallet provider suffered an exploit which led to the loss of $170,000 in two separate transactions due to a system vulnerability. 

The Cause and Impact of the Chrome Extension Hack

Following the attack, Trust Wallet CEO Eowyn Chen explained that internal investigations showed a leaked Chrome Web Store API key. This allowed attackers to publish the malicious extension and was able to bypass Trust Wallet’s normal release controls. 

Trust Wallet clarified that the breach affected only the Chrome browser extension. The company confirmed that its mobile application users did not face any risk from this incident.

Sadly, the breach led to the theft of about $7 million in digital assets, including Bitcoin (BTC), Ethereum (ETH), Binance Coin, and Solana (SOL). Blockchain security firm PeckShield also reported that more than $4 million of the stolen funds had already moved through centralized exchanges. 

Reportedly, attackers still controlled about $2.8 million in remaining funds.

Trust Wallet Opens Claims Process and Assures Users of Compensation

In response to the huge losses from the hack, Trust Wallet said affected users can now submit claims through the official support portal. The platform requires specific details to verify each claim. This includes the user’s wallet address, the attacker’s receiving address, the transaction hash, and the user’s country.

Trust Wallet stated that it will review all claims on a case-by-case basis. The company said it will manually review every submission to confirm its accuracy. This step is meant to protect users and keep the reimbursement process secure.

Changpeng Zhao, founder of Binance, confirmed that users’ funds remain protected despite the incident. Reassuringly, the exchange’s ex-CEO said the company will cover all verified losses linked to the breach. Notably, Binance acquired Trust Wallet in 2018. 

This statement helped calm concerns within the crypto community as users awaited clarity on reimbursements.