Trust Wallet to Refund $7M Following Chrome Extension Vulnerability

TLDR

• Trust Wallet confirmed a $7 million loss due to a breach in its Chrome extension.

• Users of version 2.68 of the Trust Wallet extension were impacted.

• Trust Wallet promises to fully reimburse the affected users.

• Trust Wallet urges users to upgrade to version 2.69 to avoid risks.

Trust Wallet has confirmed a significant security breach affecting its Chrome browser extension. The company revealed that approximately $7 million in user funds had been compromised due to a vulnerability in version 2.68 of the extension. The breach was identified after a warning was issued by blockchain investigator ZachXBT, who observed suspicious activities involving the affected extension version.

In response to the breach, Trust Wallet assured users that all impacted individuals would be fully reimbursed. The company stated that addressing the incident and ensuring the safety of its users remains a top priority. Trust Wallet clarified that this security issue was isolated to the Chrome extension version 2.68, and users with other versions, including the mobile-only app, were not affected.

Immediate Actions Taken by Trust Wallet

To mitigate the damage, Trust Wallet swiftly acted by advising users to disable the compromised version and upgrade to version 2.69, which is considered secure. The company emphasized that the vulnerability was exclusive to the specific browser extension version and assured users that no other versions or mobile users were impacted.

Trust Wallet has actively communicated with users throughout the event, explaining the steps for remediation.

Users were also warned not to interact with messages or instructions that did not originate from Trust Wallet’s official channels, as scammers may exploit the situation for further malicious activity. The company stated that it would provide further updates as the refund process is finalized.

Security Concerns Around Browser Extensions

The breach has once again drawn attention to the security risks associated with browser extensions, especially in the crypto wallet space. Updates to such extensions can sometimes introduce vulnerabilities, raising concerns over supply-chain risks. Trust Wallet has not disclosed specific technical details regarding the cause of the breach, but the event has underscored the need for enhanced security measures in crypto wallet software.

Commenting on the issue, Richard Heart, a notable figure in the crypto community, warned against automatic updates in software, citing this as a potential vector for supply chain attacks. He wrote on X,

He continued to emphasize that software updates should not happen automatically and that users should control updates themselves to avoid vulnerabilities introduced by external updates.

Trust Wallet Refund Process and Ongoing Investigation

While Trust Wallet has assured users that their losses will be refunded, the company continues to investigate the root cause of the breach. The incident has raised questions about the security protocols in place for updates and the need for heightened vigilance from users and developers alike.

Trust Wallet has emphasized that users who were impacted by the breach will receive detailed instructions on how to proceed with the refund process. The company also reassured users that they are working on long-term solutions to enhance the security of their products moving forward.

As the investigation continues, Trust Wallet remains committed to transparency and will provide further details as they become available. The company also reiterated that the breach was contained to a single version of the extension, helping to limit the overall impact on users.

The post Trust Wallet to Refund $7M Following Chrome Extension Vulnerability appeared first on CoinCentral.