Trust Wallet, a popular global provider of non-custodial cryptocurrency wallets, recently confirmed a serious security incident involving a browser extension, resulting in hundreds of users having their assets stolen, with initial estimated losses exceeding $6 million. The incident quickly garnered attention after renowned on-chain investigator ZachXBT issued an urgent warning on Telegram, stating that numerous reports from Trust Wallet users indicated unusually large withdrawals from their wallets had occurred in a short period.
According to ZachXBT, while the exact cause of the attack has not been precisely determined, victim reports suspiciously coincide with the release of a new update for the Trust Wallet Chrome extension. Based on the initial list of stolen wallet addresses, this investigator estimates that the attackers stole over $6 million from hundreds of different users, suggesting this was not an isolated incident but a widespread one.
On Thursday, Trust Wallet confirmed they had discovered a security vulnerability directly affecting Trust Wallet Browser Extension version 2.68. The project team urged users currently using this version to immediately disable it and upgrade to version 2.69 to avoid further risks. Trust Wallet emphasized that only extension version 2.68 is affected, while users of the mobile app and other extension versions are completely unaffected.
You may not know this, but the BingX exchange offers many privileges for new members and VIP members.
Notably, Trust Wallet also advises those who haven't yet upgraded to version 2.69 not to open browser extensions until the update is complete, as accessing them during this time could create more opportunities for malicious actors to exploit the vulnerability. A Trust Wallet representative stated that the team is working urgently to conduct a thorough investigation into the incident and is committed to continuously updating the user community with the latest information as soon as possible to minimize damage and restore trust.
