Particle.news

Trust Wallet Opens Refund Claims After Chrome Extension Hack, Cites Leaked Web Store Key

The company has opened a claims portal, attributing the breach to a leaked Chrome Web Store API key.

Overview

  • Trust Wallet says about $7 million was stolen via a malicious Chrome extension update in version 2.68 and will reimburse affected users.
  • Users who logged into the extension before December 26 at 11:00 a.m. UTC were exposed, while mobile apps and other extension versions were not affected.
  • A patched release (v2.69) is live, and the company instructs desktop users to disable v2.68, manually update in Chrome, and verify the new version before use.
  • Security researchers reported code in v2.68 that exfiltrated decrypted seed phrases to api.metrics-trustwallet[.]com, and a parallel phishing site, fix-trustwallet[.]com, sought recovery phrases.
  • Blockchain analysts estimate over $6 million moved through exchanges such as ChangeNOW, FixedFloat, and KuCoin, with some funds still in attacker wallets as investigations continue.