- Trust Wallet Chrome extension version 2.68 contained malicious code that led to roughly $7 million in stolen crypto.
- The extension’s developer urged users to update immediately to version 2.69 and said affected users will be refunded, according to company posts.
- Security firm SlowMist says the attacker exfiltrated decrypted mnemonic phrases to an attacker server using the open-source analytics library PostHog.
- About $3 million in Bitcoin and over $3 million in Ethereum were taken; substantial sums were sent to centralized exchanges and bridges, per PeckShield.
Trust Wallet told users on its official account that a security incident in its Google Chrome extension version 2.68 led to losses of about $7 million and urged an immediate update to version 2.69, per the company post on X. The extension has roughly one million users listed in the Chrome Web Store.
SlowMist analyzed the code and reported that the malicious change iterated through stored wallets, requested each wallet’s mnemonic phrase, decrypted it after wallet unlock, and sent it to the attacker server. “The encrypted mnemonic is then decrypted using the password or passkeyPassword entered during wallet unlock,” the firm wrote on X. The attacker routed data through an attacker-controlled analytics endpoint api.metrics-trustwallet[.]com and used the PostHog analytics library as the exfiltration channel.
A mnemonic phrase is a sequence of words that can restore a cryptocurrency wallet. An analytics library is a software tool that collects usage data. A cross-chain bridge is a service that moves assets between blockchains. A centralized exchange (CEX) is a crypto trading platform that holds user assets.
Stolen funds include about $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum. PeckShield reported that roughly $2.8 million remains in Hacker wallets while over $4 million moved to CEXs: about $3.3 million to ChangeNOW, $340,000 to FixedFloat, and $447,000 to KuCoin. The transfers were routed through exchanges and bridges, and investigators say hundreds of users were affected, as reported by blockchain investigator ZachXBT.
Trust Wallet stated on its account that it will refund impacted users and advised users not to interact with messages outside official channels. Mobile users and other browser extension versions are not affected. Binance co‑founder Changpeng Zhao hinted the exploit was “most likely” carried out by an insider.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Aave DAO Rejects Bid to Force Labs Hand Over Brand Assets Now
- Nvidia Gains After $20B Groq Licensing Deal for Inference AI
- Crypto Retreats as Metals Rally on Rising Geopolitical Risk.
- Bitfarms Joins TSX Composite, Shifts to AI/HPC Data Centers.
- Tokenized commodities near $4B as gold, silver hit records!!
