Victims of Malicious Browser Update Can Now Submit Verified Claims
Trust Wallet has begun a formal compensation process for users impacted by a recent security breach involving its Chrome browser extension. The incident, which surfaced during the December holiday period, led to the loss of roughly $7 million in cryptocurrency after attackers distributed a compromised software update.
The breach was linked specifically to version 2.68 of the Chrome extension. Investigations revealed that attackers used a leaked Chrome Web Store API key to push a malicious update without passing normal internal security reviews. Once installed, the altered extension secretly captured wallet recovery phrases, allowing unauthorized access to user funds.
The issue was discovered shortly after release, prompting an emergency update. Version 2.69 removed the malicious code, and users who accessed the extension before a defined cutoff time were identified as potentially affected.
Scope of Losses and Blockchain Impact
Stolen assets spanned multiple networks, including Bitcoin, Ethereum, and Solana. Blockchain analysis showed that millions of dollars were rapidly funneled through centralized exchanges, while a portion of the funds remains in attacker-controlled wallets.
Crucially, mobile wallet users were not affected, and no issues were detected in other browser versions of the extension.
Trust Wallet has pledged to fully reimburse verified victims. A claims form hosted on its official support portal requires wallet addresses, transaction hashes, and attacker destination details for verification.
Users are being cautioned to avoid fraudulent compensation websites and impersonation scams, as bad actors attempt to exploit the situation.
The incident underscores growing concerns around browser-based crypto security. While Trust Wallet’s rapid response and reimbursement commitment may help restore confidence, the breach highlights the importance of strict release controls and user vigilance in the digital asset space.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.