Trust Wallet Browser Extension Breach Drains Over $6 Million, Raises Fresh Alarms on Wallet Security

Trust Wallet Extension Hack Hits Version 2.68, Drains $6M Across Bitcoin, Solana, and EVM Chains
Written By: Bhavesh Maurya
Reviewed By: Shovan Roy

Trust Wallet reported a breach that resulted in the loss of $6 million in user funds, raising alarms about browser-based crypto wallets. The company has confirmed the breach, which affected users running browser extension version 2.68. Attackers used the update to siphon funds across multiple blockchains.

What Happened in the Trust Wallet Browser Extension Breach?

ZachXBT, an on-chain investigator, drew attention to the issue by flagging a pattern of suspicious outflows from Trust Wallet addresses.

All victims had one factor in common: they had installed the newly released browser extension update. Users reported their wallets being drained within minutes of importing their seed phrases.

Trust Wallet later acknowledged a “security incident” limited to extension version 2.68, urging users to immediately disable the extension and upgrade to version 2.69. 

The company emphasized that mobile app users and other extension versions were not affected.

Scale of the Losses

Initial estimates put the losses in the low millions, but further analysis showed that hundreds of users were affected and that the total amount of stolen funds exceeded $6 million.

The stolen assets reportedly consisted of Bitcoin, Solana, and various EVM-based tokens. Data from Arkham shows that the attackers distributed the funds across multiple receiving addresses, which complicates recovery.

Some users saw a complete loss of their crypto holdings during the Christmas holiday. In some instances, the transactions that emptied wallets occurred within a narrow time window, pointing to the exploit being automated.

How the Attack Worked

According to community researchers, the compromised update contained malicious code that intercepted sensitive wallet information. Browser extensions, by nature, operate with elevated permissions, which allow access to local storage and web activity.

Abuse of these permissions can result in silent credential harvesting, since it does not trigger further security notifications.

According to reports, just importing a seed phrase into the compromised wallet extension was sufficient to start immediate fund transfers.

Broader Implications for Crypto Security

The Trust Wallet incident has intensified the conversation about self-custody and the security of DeFi infrastructure.

Non-custodial wallets are designed to give users complete control, which also places the responsibility for security on those users and leaves them exposed to malicious updates and human error.

The incident might lead to greater regulatory scrutiny, accelerating calls for mandatory security audits, tighter control over updates, and better supervision of wallet providers.

On the other hand, it may also promote the use of new methods such as multi-signature wallets, MPC-based custody models, and institutional-grade security frameworks.


What Users Should Do

The support team of Trust Wallet has reported that they are actively engaging with affected users and investigating next steps. 

Experts recommend that users refrain from entering their seed phrases in any browser extension, use hardware where possible, and verify the updates through the official channels.
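
For teams checking machines for the affected release, the following is an added example, not code from Trust Wallet or from the original article: it sweeps a Chromium-style Extensions directory and reports any install whose manifest shows version 2.68. The name match on "Trust Wallet", the helper names, and the placeholder extension IDs in the sample data are assumptions; the article does not give the extension's ID.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = ("2", "68")       # major.minor named in the vendor notice
NAME_HINT = "trust wallet"   # assumption: the display name contains this text

def display_name(version_dir, manifest):
    """Return the manifest name, resolving a __MSG_key__ locale reference."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        try:
            path = version_dir / "_locales" / manifest.get("default_locale", "en")
            for key, entry in json.loads((path / "messages.json").read_text("utf-8")).items():
                if key.lower() == name[6:-2].lower():  # keys are case-insensitive
                    return str(entry["message"])
        except (OSError, ValueError, AttributeError, KeyError, TypeError):
            pass  # missing or malformed locale file: keep the raw name
    return name

def find_affected(extensions_root):
    """Scan Extensions/<id>/<version dir>/manifest.json; return (id, version, name) hits."""
    hits = []
    for path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text("utf-8"))
            version = str(manifest.get("version", ""))
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip it, keep sweeping
        name = display_name(path.parent, manifest)
        if NAME_HINT in name.lower() and tuple(version.split(".")[:2]) == AFFECTED:
            hits.append((path.parent.parent.name, version, name))
    return hits

def demo():
    """Scan a constructed Extensions tree; IDs and names are placeholders."""
    samples = [("placeholder-id-a", "2.68", "__MSG_appName__"),
               ("placeholder-id-b", "2.69", "Trust Wallet"),
               ("placeholder-id-c", "2.68", "Other Tool")]
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, ver, name in samples:
            vdir = Path(tmp) / ext_id / f"{ver}_0"
            (vdir / "_locales" / "en").mkdir(parents=True)
            (vdir / "_locales" / "en" / "messages.json").write_text(
                json.dumps({"appName": {"message": "Trust Wallet"}}))
            (vdir / "manifest.json").write_text(json.dumps({"name": name, "version": ver}))
        return find_affected(tmp)

if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the profile's Extensions directory to find_affected; a hit means the extension should be disabled and upgraded to version 2.69 as the vendor advises.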
