Users of the Binance-owned Trust wallet lost more than $7 million after the release of an updated chrome extension. Changpenng Zhao, company co-founder said that the company will cover the stolen money of all the affected users. Crypto investigator ZachXBT believes hundreds of Trust Wallet users suffered losses due to the extension flaw.
Trust Wallets in a post on X said, “We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.”
CZ has assured that the company is investigating how threat actors were able to compromise the new version.
Affected users
Mobile-only users and browser extension versions are not impacted. User funds are SAFE,” Zhao wrote in a post on X.
The compromise happened because of a flaw in a version of the Trust Wallet Google Chrome browser extension.
What to do if you are a victim?
If you suffered the compromise of Browser Extension v2.68, follow these steps on Trust Wallet X site:
- To safeguard your wallet's security and prevent any problems, do not open the Trust Wallet Browser Extension v2.68 on your desktop computer.
- Copy this URL into the address bar of your Chrome browser to open the Chrome Extensions panel: chrome://extensions/?id=egjidjbpglichdcondbcbdnbeeppgdph
- If the toggle is still "On," change it to "Off" beneath the Trust Wallet.
- Select "Developer mode" from the menu in the top right corner.
- Click the "Update" button in the upper left corner.
- Verify the 2.69 version number. The most recent and safe version is this one.
Please wait to open the Browser Extension until you have updated to Extension version 2.69. This helps safeguard the security of your wallet and avoids possible problems.
How did the public react?
Social media users expressed their views. One said, “The problem has been going on for several hours,” while another user complained that the company ”must explain what happened and compensate all users affected. Otherwise reputation is tarnished.” A user also asked, “How did the vulnerability in version 2.68 get past testing, and what changes are being made to prevent similar issues?”
