Following the incident involving Trust Wallet's Chrome extension, the story heated up again on December 26, 2023, when Changpeng Zhao (CZ) publicly spoke out, suggesting that the leak might have involved an insider.
This information emerged after Trust Wallet confirmed that approximately $7 million of its users' funds had been affected to date.
Insider involvement is the primary direction of the investigation.
CZ stated that Trust Wallet will provide a full refund to all affected users and affirmed that customer funds remain secure.
However, he added that investigators are still trying to figure out why the malicious Chrome extension update was able to pass pre-release testing, and suggested that insider interference in the process is "most likely."
These statements have raised concerns about internal access management and software update processes, rather than simply external attacks.
Trust Wallet later confirmed that the issue only affected browser extension version 2.68, further emphasizing that users on mobile devices and other versions were not affected.
The company said it is finalizing the refund process and will soon send specific instructions to affected users.
During this time, users need to be wary of fraudulent schemes impersonating official support departments.
Information regarding suspected insider involvement in the incident is drawing significant attention from the crypto security community. Updating browser extensions requires signing keys, developer credentials, and a rigorous update approval process.
For a malicious update to be released through the official Chrome Web Store, investigators typically consider two possibilities: stolen login credentials or direct insider collusion.
Regardless of the scenario, it points to an internal security vulnerability rather than a traditional software engineering flaw.
These risks are not just theoretical. Over the past year, several incidents involving popular browser extensions have stemmed from compromised developer accounts or compromised release processes.
The TWT token experienced a brief dip before recovering.
The market reaction indicated instability. Trust Wallet's native token, TWT, experienced a sharp sell-off following the initial report on December 25, 2023.
However, the price of TWT stabilized and recovered on December 26, 2023, after Trust Wallet confirmed the damage was under control and planned to refund users.
TWT token price chart. Source: CoinGecko
Although Trust Wallet handled the incident quickly, this story highlights a major challenge facing the entire industry.
As crypto wallets become increasingly reliant on browser extensions, update security and the risk of insider exploitation are becoming a serious vulnerability rather than a minor issue in this field.


