Attackers drain over $6M from Trust Wallet users
Trust Wallet reported a security incident, coinciding with one of its latest updates. On-chain researcher ZachXBT identified over $6M in drained funds.
Trust Wallet announced a security incident, only connected to the browser extension version 2.68. The wallet producer warned users should disable the extension and move to version 2.69. Mobile users are not impacted.
Recently, Trust Wallet gained popularity after adding native prediction markets. Previously, the wallet was used as a one-stop hub for all Web3 activity.
Binance’s founder and former CEO Changpeng ‘CZ’ Zhao immediately reacted to the incident, stating all users would be compensated. The Trust Wallet team is still investigating how the exploiters managed to submit a flawed version to the app store, for downloads under the official wallet brand.
The supply chain attack is still investigated. The initial wallet draining was noted soon after the update from December 24. The exploit has continued for days before ZachXBT noted the unusual outflows.
Initially, users were urged not to use the extension, while salvaging funds via the desktop or mobile versions. The problems emerged only when inputting private seeds into the flawed extension.
The attack comes at a time when crypto exploits are slowing down, as projects increase their security. Recently, Binance Wallet was also tackling a wave of address poisoning, as attacks shifted from platforms to private holders.
ZachXBT discovers affected Trust Wallet addresses
On-chain researcher ZachXBT identified Ethereum, Bitcoin, and Solana wallets affected by the exploit.
According to his data, hundreds of wallets were affected. Trust Wallet has announced the losses will be compensated. Over $6M in crypto was taken from draining the vulnerable wallets. ZachXBT has not mentioned if the exploit has compromised the private keys themselves, but users may have to generate new wallets.
Some of the affected addresses lost small amounts of BTC after years of holding. On ETH, the exploiter aggregated tokens into several intermediary addresses. Later, some of the Trust Wallet exploiter wallets sent out the funds to exchanges. The exploiter used ChangeNOW, FixedFloat, as well as high-profile exchanges like KuCoin and HTX.
Most of the destination wallets have been flagged. Some of the addresses contain only a few hundred dollars, while others have accumulated as much as $49,000. In the end, the hack estimates reached $6.77M, with around $2.35M remaining in all of the exploiter’s known addresses after moving and swapping funds.
Phishing redirect targeted new downloads
Wallet infrastructure has proven to be one of the most reliable elements of crypto usage. There are only rare instances of compromised wallets or private keys, usually through insider infiltration.
The nature of the Trust Wallet exploit involved a hidden redirect injected into the compromised version. The private key technology remains reliable, if not exposed to the malicious app.
The malicious redirect creates a malicious version of the Trust Wallet. Users are urged not to input their private seeds to activate old wallets. Even newly created wallets from the flawed version may be compromised and lose assets in the future.
Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.
You May Also Like
Why 100 Percent Test Coverage is Not Possible — Lessons from Testing Banking and Healthcare Systems
US eyes crypto mining at disputed nuclear plant in Russia-Ukraine conflict: report
