TLDR

  • Trust Wallet has verified a $7 million loss stemming from a security breach in its Chrome extension.

  • Individuals using version 2.68 of the Trust Wallet extension were affected.

  • Trust Wallet has pledged to completely compensate all impacted users.

  • Trust Wallet advises users to update to version 2.69 to avoid potential risks.


Trust Wallet has acknowledged a major security breach impacting its Chrome browser extension. The firm disclosed that roughly $7 million in user assets was compromised due to a flaw in version 2.68 of the extension. The breach was detected following an alert from blockchain researcher ZachXBT, who observed suspicious activity linked to the affected extension version.

In response to the incident, Trust Wallet reassured users that all affected individuals would receive full reimbursement. The company stated that addressing the issue and ensuring user safety remains a top priority. Trust Wallet clarified that this security problem was isolated to Chrome extension version 2.68, and users of other versions—including the mobile-only app—were not impacted.

Swift Measures Taken by Trust Wallet

To minimize harm, Trust Wallet took quick action by recommending users disable the compromised version and upgrade to the secure version 2.69. The company emphasized that the vulnerability was exclusive to this specific browser extension version and confirmed no other versions or mobile users were affected.

Trust Wallet maintained active communication with users throughout the incident, outlining steps for resolution.

Users were also warned against engaging with messages or instructions that do not come from Trust Wallet’s official channels, as scammers might exploit the situation for further malicious acts. The company noted it would provide additional updates as the refund process is finalized.

Security Risks Linked to Browser Extensions

This breach has once again drawn attention to security risks associated with browser extensions, especially in the crypto wallet sector. Updates to such extensions can occasionally introduce vulnerabilities, raising concerns about supply-chain risks. While specific technical details about the breach’s cause have not been shared, the incident underscores the need for enhanced security measures in crypto wallet software.

Commenting on the issue, Richard Heart, a prominent figure in the crypto community, spoke out against automatic software updates, citing them as a potential vector for supply chain attacks. He wrote on X:

“Auto-update is not your friend. Auto-update is how hackers and supply chain attacks and evil admins and more can hack you.”

He further stressed that software updates should not happen automatically, and users should control updates themselves to avoid vulnerabilities from external sources.

Trust Wallet’s Refund Process and Ongoing Investigation

While Trust Wallet has assured users their losses will be refunded, the company continues to investigate the root cause of the breach. The incident has raised questions about update security protocols and the need for heightened vigilance from both users and developers.

Trust Wallet emphasized that impacted users will receive detailed instructions on proceeding with the refund process. The company also reassured users it is working on long-term solutions to boost product security moving forward.

As the investigation progresses, Trust Wallet remains committed to transparency and will share further details as they become available. The company also reiterated that the breach was contained to a single extension version, helping limit overall user impact.