Trust Wallet confirms Chrome extension security vulnerability, resulting in losses of up to $7 million

Source: PortaldoBitcoin Original Title: Trust Wallet Confirms Security Flaw in Chrome Extension; Losses Reach Up to $7 Million Original Link: Wallet service Trust Wallet issued a warning on Thursday (25th) via X platform, confirming a security incident that only affects its Chrome browser extension version 2.68. According to the company, users of this specific version should immediately disable the extension and update to version 2.69 through official channels.

“Currently, we have confirmed a security incident that only affects Trust Wallet browser extension version 2.68. Users of this version should disable it and upgrade to 2.69,” the company stated. Trust Wallet also emphasized that the mobile version is unaffected.

However, losses from the Chrome version have reached at least $7 million, according to disclosures from a former CEO of a major exchange.

The issue was made public after users reported their funds being drained within hours. On-chain investigator ZachXBT first discovered the situation, identifying unauthorized withdrawals from multiple wallets associated with Trust Wallet following the Chrome extension update.

Subsequently, security firm SlowMist confirmed the presence of a vulnerability in version 2.68 and recommended an immediate update. Preliminary analysis suggests that the incident may be related to a supply chain attack, with malicious code inserted into the extension. This could have allowed extraction of recovery phrases when the wallet was unlocked.

Initial estimates indicate that hundreds of wallets were affected. Trust Wallet advised users not to open the extension until the update is completed and warned that continuing to use the compromised version could pose additional risks.

The former CEO stated that affected users will be compensated and estimated the losses to be around $7 million.