Trust Wallet Chrome Extension Taken Offline Amid Update Bug

TLDR

• Trust Wallet halted its Chrome extension update due to a Chrome Web Store bug.
• The update included tools for victims of a $7 million Christmas Day hack.
• Over 2,500 wallet addresses were identified as affected by the breach.
• Around 5,000 claims were received, many flagged as false or duplicate.

The Trust Wallet browser extension is temporarily offline after a technical issue blocked the release of a new version. The update was intended to introduce tools to help users affected by a recent crypto hack submit claims for fund recovery. CEO Eowyn Chen confirmed the issue in a public statement, attributing the delay to a bug in the Chrome Web Store.

The update comes after Trust Wallet suffered a Christmas Day security breach, which resulted in a $7 million loss. Affected users have been awaiting the release of the new extension, which contains features specifically designed to verify and process their reimbursement claims.

Thousands of Claims Raise Concerns About Fraudulent Submissions

According to Chen, Trust Wallet has identified 2,596 wallet addresses impacted by the breach. However, the company has already received about 5,000 claims, signaling a large number of false or repeated submissions.

“So far, we’ve identified 2,596 affected wallet addresses. From this group, we’ve received around 5,000 claims,” Chen shared via X The company is now taking steps to filter out incorrect or malicious entries to ensure only legitimate victims are reimbursed.

The reimbursement process is currently on hold due to the halted browser extension update, which was meant to include a verification system for affected users.

Hack Tied to Supply Chain Attack Exploiting Development Secrets

Trust Wallet has released an internal report detailing the nature of the breach. It attributes the incident to a broader supply chain attack named “Sha1-Hulud,” which compromised npm packages used by blockchain developers. This exploit led to the exposure of internal development secrets.

These secrets reportedly included the browser extension’s source code and Chrome Web Store API key. The attacker used the stolen key to upload a malicious version of the Trust Wallet extension, which remained live on the Chrome Web Store.

The security breach highlights the risks involved with software supply chains and browser-based crypto tools that stay connected to the internet.

Insider Access Suspected Due to Familiarity With Code

Some experts, including Binance co-founder Changpeng Zhao (CZ) and blockchain adviser Anndy Lian, believe the attack may have involved someone with inside knowledge. They pointed out the attacker’s understanding of the Trust Wallet codebase and development environment.

“This kind of ‘hack’ is not natural. The chances of an insider are high,” said Lian in a post following the incident.

Trust Wallet has advised users to stay alert for fake extensions and not to download any version of the browser extension until the legitimate update is restored to the Chrome Web Store. The company continues to investigate the source of the exploit and improve its internal security protocols.

The post Trust Wallet Chrome Extension Taken Offline Amid Update Bug appeared first on CoinCentral.