Trust Wallet users lost more than $7 million shortly after it released an updated version of its Chrome web browser extension. The stolen funds will be refunded, said Changpeng Zhao, a co-founder of crypto exchange Binance, which owns the tool.
The breach, flagged on December 25 by onchain detective ZachXBT, was confirmed by the wallet’s team.
“Community Alert: A number of Trust Wallet users have reported funds being drained from wallet addresses within the last few hours,” ZachXBT wrote on Telegram. “While the exact cause has not been determined at random, the Trust Wallet Chrome extension sent a new update yesterday.”
Crypto wallets store the keys to users’ holdings of cryptocurrency, and malicious actors who gain access can authorize transfers of funds to destinations they control. Crypto theft rose to $6.75 billion this year, according to a Chainalysis report. The number of personal wallet compromises rose to 158,000 from 64,000 last year, although the amount stolen accounted for 20% of the total, down from 44%, it said.
The breach affects version 2.68 of Trust Wallet’s browser extension, which the wallet team announced on X and urged users not to open that version and upgrade to version 2.69. “Only mobile users and all other versions of browser extensions are not affected.”
