Trust Wallet opens compensation portal for victims of Chrome browser exploit

Trust Wallet has launched a formal compensation package for victims of a security incident affecting its Chrome browser extension. The platform announced the breach in a post, noting that malicious code was embedded in version 2.68 of the software. The wallet provider urged users to disable the malicious version and move to version 2.69.

The official statement also coincided with an update from on-chain researcher ZachXBT, who identified more than $6 million in stolen funds. ZachXBT claimed that hundreds of wallets, including Ethereum, Bitcoin, and Solana, were affected by the exploit. He noted that he was unsure if the exploit had compromised private keys themselves, but urged users to generate new wallets.

While some users lost small amounts of BTC, the hacker was able to steal thousands of dollars from other users.

Trust Wallet launches compensation package for its users

In its statement, Trust Wallet mentioned that affected users can now submit claims through an official support form hosted on its portal. The process requires victims of the hack to provide their email address, compromised wallet addresses, country of residence, the hacker’s receiving addresses, and relevant transaction details.

Trust Wallet has also promised to compensate every user affected by the mishap.

“We are working around the clock to finalize the compensation process details, and each case requires careful verification to ensure accuracy and security,” Trust Wallet wrote on X.

The wallet provider confirmed that approximately $7 million in digital assets were siphoned from different wallets across multiple blockchains. According to blockchain security firm PeckShield, more than $4 million in stolen funds have been moved through centralized exchanges like ChangeNOW, FixedFloat, and KuCoin.

The blockchain security firm highlighted that the hacker still holds more than $2.8 million in his wallets as of the last update. Changpeng Zhao, the co-founder and former CEO of Binance, which acquired Trust Wallet in 2018, confirmed on X that the company will cover all the affected losses.

“So far, $7m affected by this hack. TrustWallet will cover,” Zhao wrote on X, assuring the public that user funds “are SAFU.”

Speaking about the exploit, Trust Wallet CEO Eowyn Chen noted that users who logged into the extension before December 26 at 11 AM UTC were potentially affected. Chen mentioned that during its investigation, the company discovered that a leaked Chrome Web Store API key was used to publish a compromised extension on December 24 at 12:32 PM UTC, bypassing the company’s internal release process.

Hackers targeted users’ wallet seed phrases

The malicious code was identified by SlowMist, with the blockchain security firm noting that it was designed to harvest wallet seed phrases using a modified open-source analytics library. Mobile application users and those running other versions of the browser extension were not affected by the incident. Trust Wallet’s Chrome extension has about one million users, according to its Web Store listing.

This development comes at a time when Coinbase mentioned that it would reimburse more than $400 million to affected users and repair other damages after it apprehended a support agent who was linked to a massive security breach earlier this year in India.

The arrest was confirmed by Coinbase and the Indian police and comes months after hackers bribed support staff to steal user information.

The breach, which began in May, saw the hackers ask for a $20 million ransom, and the company faced a $400 million fallout.

“What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them to obtain customer data,” said Philip Martin, Coinbase’s Chief Security Officer.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.