Trust Wallet Announces $7M Refund for Browser Extension Hack, Zhao Confirms

Trust Wallet Exploit Causes $7 Million Loss in Christmas Day Hack

On Christmas Day, users of Trust Wallet, a popular cryptocurrency wallet service owned by Binance, suffered a significant security breach resulting in estimated losses of approximately $7 million. The incident, which had been meticulously planned since early December, targeted the wallet’s desktop browser extension, version 2.68, compromised by an orchestrated attack. Trust Wallet has since urged users to update to version 2.89 to mitigate further risks.

Key Takeaways

• Attackers implanted a backdoor on Trust Wallet’s desktop extension, enabling them to transfer funds and collect user information.


• Binance’s CEO, Changpeng Zhao, assured that affected funds will be reimbursed, emphasizing the company’s commitment to user security.


• Industry experts suggest insider involvement and highlight the sophisticated nature of the breach, as the attacker demonstrated considerable familiarity with Trust Wallet’s source code.


• The attack underscores rising threats in the digital asset space, particularly concerning personal wallet security vulnerabilities.

Tickers mentioned: N/A

Sentiment: Negative

Price impact: Negative. The exploit highlights persistent security vulnerabilities and threats within the crypto ecosystem.

Trading idea (Not Financial Advice): Hold. Investors should await further updates on wallet security measures before making decisions.

Market context: As thefts from digital wallets increase, enhanced security protocols and industry vigilance become paramount to safeguarding user assets.

Details of the Trust Wallet Breach

Trust Wallet announced the breach via a post on social media, revealing that the security incident compromised the browser extension version 2.68, affecting desktop users. The attackers had been developing the exploit since December 8, with successful implantation of a backdoor on December 22. According to blockchain security expert Yu Xian, co-founder of SlowMist, the attacker began transferring stolen funds on December 25. The malicious code also collected users’ personal information, transmitting it to an external server.

Source: Chainalysis.com

Onchain detective ZachXBT confirmed that hundreds of Trust Wallet users were impacted by the breach. Several industry insiders raised concerns over possible insider involvement, especially since the attacker managed to submit an updated version of the wallet extension on Trust Wallet’s official website. Anndy Lian, an intergovernmental blockchain advisor, speculated that insider activity was highly probable, noting the attack's sophistication. Binance CEO Changpeng Zhao echoed this sentiment, stating the breach was "most likely" an insider job.

Further analysis indicated that the attacker demonstrated an in-depth understanding of the wallet’s source code, facilitating the backdoor implementation. Security researchers warn that such breaches, increasingly driven by insider activity, pose a growing threat to the security and trustworthiness of crypto wallets.

The incident prompts a broader discussion on industry security measures and the importance of transparency to protect users from evolving tactical threats in the digital asset space.

https://www.cryptobreaking.com/trust-wallet-announces-7m-refund/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=Trust%20Wallet%20Announces%20$7M%20Refund%20for%20Browser%20Extension%20Hack,%20Zhao%20Confirms%20