Trust Wallet users lost more than $7 million shortly after it released an updated version of its extension for the Chrome web browser. The stolen funds will be reimbursed, said Changpeng Zhao, a co-founder of crypto exchange Binance, which owns the utility.
The breach, flagged Dec. 25 by onchain detective ZachXBT, was confirmed by the wallet team.
“Community alert: A number of Trust Wallet users have reported that funds were drained from wallet addresses within the past couple hours,” ZachXBT posted on Telegram. “While the exact root cause has not been determined coincidentally the Trust Wallet Chrome extension pushed a new update yesterday.”
Crypto wallets store the keys to users’ cryptocurrency holdings, and malicious actors who gain access can authorize transfers of funds to destinations they control. Crypto theft rose to $6.75 billion this year, according to a Chainalysis report. The number of personal wallet compromises surged to 158,000 from 64,000 last year, though the amount stolen accounted for 20% of the total, down from 44%, it said.
The breach affects version 2.68 of Trust Wallet’s browser extension, the wallet team posted on X, urging users not to open that version and to upgrade to version 2.69. “Mobile-only users and all other browser extension versions are not impacted.”
