Trust Wallet users lost more than $7 million shortly after it released an updated version of its extension for the Chrome web browser. The stolen funds will be refunded, said Changpeng Zhao, co-founder of crypto exchange Binance, which owns the utility.
The breach, reported on December 25 by on-chain detective ZachXBT, was confirmed by the wallet team.
“Community Alert: Several Trust Wallet users have reported funds being drained from wallet addresses in the last two hours,” ZachXBT posted on Telegram. “While the exact root cause has not been determined by coincidence, the Trust Wallet Chrome extension released a new update yesterday.”
Crypto wallets store keys to users’ cryptocurrency holdings, and malicious actors who gain access can authorize fund transfers to destinations they control. Cryptocurrency theft increased to $6.75 billion this year, according to a Chainalysis report. The number of thefts from personal wallets increased from 64,000 last year to 158,000, although the amount stolen represented 20% of the total, up from 44%, he said.
The breach affects version 2.68 of the Trust Wallet browser extension, the wallet team posted on X, urging users not to open that version and update to version 2.69. “Mobile-only users and all other versions of browser extensions are not affected.”
