In a significant security breach, users of the Binance-owned Trust Wallet have suffered losses exceeding $7 million. The incident was linked to a vulnerability in the recently updated Chrome browser extension version 2.68. The platform's co-founder, Changpeng Zhao (CZ), has publicly committed to reimbursing all affected users.
Details of the Security Incident
The crypto wallet provider identified the security flaw specifically in the Browser Extension version 2.68. In an official post on social media platform X on December 25, Trust Wallet stated, "We've confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded." The company urgently advised all users of the compromised version to immediately disable it and upgrade to the patched version 2.69.
Changpeng Zhao added that the team is actively investigating how hackers managed to exploit the updated version. He reassured the community that the company is taking full responsibility. Importantly, the breach was contained to the desktop browser extension. Mobile app users and those on other browser extension versions were not affected.
Step-by-Step Guide for Affected Users
If you are using Trust Wallet Browser Extension v2.68, follow these instructions from the official X post to secure your assets:
- Do not open the Trust Wallet Browser Extension v2.68 on your desktop to prevent further risk.
- Open the Chrome Extensions panel by pasting this URL: chrome://extensions/?id=egjidjbpglichdcondbcbdnbeeppgdph.
- Switch the toggle to "Off" for the Trust Wallet extension.
- Click "Developer mode" in the upper right corner.
- Press the "Update" button on the upper left.
- Verify that the version number is now 2.69, the latest secure version.
Users are strongly advised not to open the extension until this update is complete.
Community Reaction and Trust Wallet's Profile
The news triggered immediate concern and criticism on social media. One user pointed out that the "problem has been going on for several hours," while another demanded transparency: "You must explain what happened and compensate all users affected. Otherwise reputation is tarnished." Others questioned the security protocols, asking how the vulnerability bypassed testing.
Trust Wallet, acquired by global crypto exchange giant Binance in 2018, is a popular self-custody wallet. It allows users to store, swap, and manage cryptocurrencies, NFTs, and other digital assets. According to its website, the wallet has been downloaded over 100 million times and supports more than 10 million assets across 100 blockchains.
This incident underscores the persistent security challenges in the cryptocurrency space, even for platforms backed by major industry players. While the promise of reimbursement offers some relief, it highlights the critical importance of timely software updates and robust security testing for all crypto service providers.
