A malicious security breach struck Binance-owned Trust Wallet on Thursday, leading to losses of more than $7 million as funds were drained from affected user wallets on the platform.
Just two days later, on Saturday, Trust Wallet CEO Eowyn Chen issued a detailed post on social media platform (formerly Twitter), outlining the impact of the incident, the measures being taken to contain the hack, and what the company has established so far about the attack.
“This is an ongoing investigation, so I’ll focus on confirmed facts and updates, highly likely hypothesis, and what we’re doing to stop loss for users,” she noted in the X post.
Who does it affect and who needs not to worry?
According to Chen, the investigation so far has confirmed that this security incident only impacts users who opened and logged into Trust Wallet’s Browser Extension version 2.68.
She also noted that the breach does not affect any mobile app users, any other versions of browser extension users, as well as extension v2.68 users who opened and logged in after 26 December, 11:00 UTC.
Hence, all these users remain unaffected by the incident and their accounts, data, and assets are considered secure.
What steps are being take to offset the impact?
In order to minimise the impact of the incident for users, the firm has reportedly taken the following steps:
— The malicious domain has been reported to the registrar, NiceNIC, and has since been suspended, ensuring that even users still on Extension v2.68 face no risk of any further loss.
— All release APIs have been expired, meaning no new releases will be possible for the next 2 weeks.
— The platform has actively began collecting victims’ tickets and processing reimbursement. Some details are still hashing out.
Meanwhile, internal forensic analysis is ongoing and a response from Google’s support team for additional logs is still awaited to further analyze the root cause, the chief executive said in the post.
What the company knows about the attack?
The investigation also suggests that the malicious extension was not released through the platform’s internal manual process, and that it was most likely published externally through Chrome Web Store API key, bypassing the standard release checks, Chen clarified.
Another working hypothesis, which is still under investigation, suggests that the hacker used a leaked Chrome Web Store API key to submit the malicious extension version, which succeeded in passing Chrome Web Store’s review, she added.
Details about the hack
The hack, which took place on 25 December, was reportedly caused by hidden malicious code disguised as an analytics feature within version 2.68 of Trust Wallet’s Chrome browser extension, released a day earlier.
Users who installed the affected version and imported their seed phrases unknowingly handed attackers access to their wallets. With access to seed phrases, they simply restored wallets elsewhere and drained everything.
Binance founder Changpeng Zhao assured users that Trust Wallet will fully reimburse all affected users. He also mentioned the team is investigating how hackers were able to submit the malicious update, suggesting a possible insider involvement, according to an official statement.
