Trust Wallet users lost more than $7 million shortly after releasing an updated version of its extension for the Chrome web browser. The stolen funds will be refunded, said Changpeng Zhao, co-founder of crypto exchange Binance, which owns the utility.
The breach, reported on December 25 by onchain detective ZachXBT, was confirmed by the wallet team.
“Community Alert: A number of Trust Wallet users have reported that funds have been withdrawn from wallet addresses in the last few hours,” ZachXBT posted on Telegram. “While the exact cause has not been determined by chance, the Trust Wallet Chrome extension launched a new update yesterday.”
Crypto wallets store keys to users’ cryptocurrency holdings, and bad actors who access them can authorize fund transfers to destinations they control. Crypto theft reached $6.75 billion this year, according to a report from Chainalysis. The number of personal wallet compromises increased from 64,000 last year to 158,000, although the amount stolen was 20% of the total, up from 44%, according to the report.
The breach affects version 2.68 of Trust Wallet’s browser extension, the wallet team posted on X, urging users not to open this version and upgrade to version 2.69. “Mobile users only and all other versions of browser extensions are not affected.”
