Malicious Security Breach at Trust Wallet: What We Know
A severe security breach hit Trust Wallet, a Binance-owned platform, on Thursday, resulting in over $7 million in losses as funds were drained from affected user wallets. This incident has raised significant concerns among cryptocurrency users, prompting an urgent response from the company.
Immediate Response from Trust Wallet
Just two days post-breach, Trust Wallet’s CEO, Eowyn Chen, took to social media to address the situation. In her detailed post, she outlined the incident’s impact, actions being taken to mitigate risks, and preliminary findings related to the hack. She emphasized that the investigation was ongoing and committed to sharing only confirmed facts and updates, allowing users to understand the implications fully.
Who Was Affected?
Chen clarified that the security incident specifically impacted users who had opened and logged into the Trust Wallet Browser Extension version 2.68. Crucially, users on mobile apps, other versions of the browser extension, and those who logged in to version 2.68 after December 26 at 11:00 UTC remain unaffected and secure.
Steps to Mitigate Impact
In response to the malicious breach, Trust Wallet has swiftly initiated several measures:
- Malicious Domain Suspension: The compromised domain was reported to the registrar, NiceNIC, leading to its suspension. This step ensures that even users still using the affected extension do not face additional risks.
- API Expiration: All release APIs were expired, halting any new versions for the following two weeks. This is a precautionary measure to prevent further incidents while investigations are underway.
- Victims’ Compensation: Trust Wallet has started to collect reports from affected users and is in the process of organizing reimbursements. Details about the compensation plan are still being finalized.
- Forensic Analysis: Internal investigations are ongoing to identify the vulnerability. Trust Wallet is awaiting logs from Google’s support team to enable a deeper analysis of the attack’s root cause.
Insights into the Attack
Preliminary investigations reveal that the malicious extension did not undergo the platform’s standard internal manual release processes. Instead, Chen indicated it was likely published externally through the Chrome Web Store API key, circumventing typical release checks. This raises critical questions about potential vulnerabilities in the release protocols.
Another working hypothesis points to the possibility that hackers used a leaked Chrome Web Store API key to submit the malicious extension, which managed to pass Google’s review processes, placing users at risk.
The Mechanics of the Hack
The hack occurred on December 25, just one day after version 2.68 of the Trust Wallet Chrome browser extension was released. Attackers planted hidden malicious code, disguised as an analytics feature, inside the extension. Users who installed this version and entered their seed phrases unknowingly handed those phrases to the attackers, who used them to restore the wallets elsewhere and drain the funds swiftly.
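For defenders triaging endpoints after this kind of extension supply-chain compromise, the first question is which machines ever installed the affected build. The following script is an added example, not code from Trust Wallet or the article: it walks a Chrome profile's Extensions directory (laid out as `<extension id>/<version>_<n>/manifest.json`) and flags any install whose manifest name contains "Trust Wallet" at version 2.68. The extension ID is not given in the article, so matching is by manifest name (assumption: the manifest carries a literal name rather than a localized `__MSG_` placeholder), and the sample profile it builds is constructed data.

```python
import json
import tempfile
from pathlib import Path

# Incident specifics from the article: only browser extension build 2.68 was malicious.
AFFECTED_NAME = "Trust Wallet"   # assumption: manifest "name" contains this string
AFFECTED_VERSION = "2.68"


def find_affected_extensions(extensions_root):
    """Return sorted (extension_id, version, name) tuples for every install of
    the affected build found under a Chrome profile's Extensions directory."""
    hits = []
    for manifest in Path(extensions_root).glob("*/*/manifest.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep sweeping
        name = str(data.get("name", ""))
        version = str(data.get("version", ""))
        ext_id = manifest.parent.parent.name  # Extensions/<id>/<version>_<n>/
        if AFFECTED_NAME.lower() in name.lower() and version == AFFECTED_VERSION:
            hits.append((ext_id, version, name))
    return sorted(hits)


def build_sample_profile(base):
    """Constructed sample data: three installs, only one of which is the affected build.
    The IDs are placeholders, not real Chrome Web Store extension IDs."""
    samples = {
        "aaaa0000": ("2.68", "Trust Wallet"),       # affected build
        "bbbb1111": ("2.67", "Trust Wallet"),       # earlier version, not affected
        "cccc2222": ("2.68", "Some Other Wallet"),  # same version string, different extension
    }
    for ext_id, (ver, name) in samples.items():
        d = Path(base) / ext_id / f"{ver}_0"
        d.mkdir(parents=True)
        manifest = {"name": name, "version": ver, "manifest_version": 3}
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")


def demo():
    """Build the constructed profile in a temp dir and run the sweep over it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        return find_affected_extensions(tmp)


if __name__ == "__main__":
    for ext_id, ver, name in demo():
        print(f"AFFECTED: {name} {ver} (id {ext_id})")
```

On a real host, point `find_affected_extensions` at the profile's Extensions folder (for example `~/.config/google-chrome/Default/Extensions` on Linux) and treat any hit as a wallet whose seed phrase should be considered exposed.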
Assurances from Binance
In light of the distressing news, Binance founder Changpeng Zhao has reassured users that Trust Wallet pledged to fully reimburse all affected individuals. Zhao also mentioned that the investigation would explore how the hackers successfully submitted the rogue update, hinting at the possibility of insider involvement.
What’s Next?
As Trust Wallet continues to address the fallout from this serious breach, users are encouraged to remain vigilant and stay updated on the company’s forthcoming announcements. The cryptocurrency community watches closely as investigations progress, hoping for timely resolutions and enhanced security measures to prevent future incidents.