Trust Wallet Goes Dark on Chrome – $7M Hack Victims Left Waiting for Claims Tool

Trust Wallet users affected by a recent browser extension hack are facing new delays after the wallet provider confirmed that the Chrome extension has been temporarily removed from the Chrome Web Store.

This resulted in delaying the rollout of an important claims verification tool related to the incident.

Trust Wallet CEO Eowyn Chen said the extension became unavailable after the company encountered a bug in the Chrome Web Store while attempting to release a new version.

The delayed update aimed to introduce a verification feature designed to help victims of the Christmas Day hack confirm ownership of the wallet and submit refund claims securely.

Chen said Google has acknowledged the problem and is escalating it internally, while warning users to remain alert to fake or imitated versions of the extension circulating online.

Attackers exploited the Fake Trust Wallet update to steal funds

The outage comes as Trust Wallet continues to manage the fallout from a security breach that began unfolding in late December.

On December 25, the company confirmed that a malicious version of its Chrome browser extension, version 2.68, had been distributed through the Chrome Web Store outside the normal release process.

The compromised extension allowed attackers to access sensitive wallet data and make unauthorized transactions, leading to millions of dollars in losses.

Trust Wallet’s internal investigation shows that only users who had version 2.68 installed and logged into their wallets between December 24 and 26 were affected.

Mobile app users, users of other extension versions, and those who installed or logged in after December 26 were not affected.

The company said it identified 2,520 wallet addresses emptied during the incident, with approximately $8.5 million in assets linked to 17 attacker-controlled wallets.

However, the wallet noted that some of those attackers also targeted wallets unrelated to Trust Wallet.

Security researchers later confirmed that the malicious build appeared legitimate and passed Chrome’s review process, but contained hidden code that could extract recovery phrases.

Multiple users said simply importing a seed phrase into the extension caused an immediate outflow of funds across multiple blockchains.

Trust Wallet cleans up extension hack; The number of false compensation frauds is increasing

Trust Wallet traced the breach to a broader supply chain attack known as Sha1-Hulud, which emerged in November and affected multiple companies via compromised developer tools.

The company said that by exposing GitHub secrets and a leaked Chrome Web Store API key, the attacker was able to upload the malicious extension directly, bypassing internal approval controls.

In response, Trust Wallet has gone back to a clean release, published version 2.69 and compromised publishing credentials disabled. A voluntary repayment scheme was also announced, which they promised to all those people who were found to be victims.

On December 29, it opened a formal claims process, asking users to provide wallet addresses, transaction hashes and identification details through an official support portal.

In its response to over 5,000 claims, the company indicated that it is inundated with claims as the number of verified affected wallets is much lower, and it is a concern that there could be duplicate or false claims.

It’s the cause of that discrepancy that led to the creation of another authentication mechanism that was supposed to come with the next browser extension update, but was delayed by the Chrome Web Store issue.

The event continues to contribute to an increasing number of wallet-related escapades in the crypto industry.
Industry data shows that the share of personal wallet compromises has continued to rise as the share of stolen money increases.

The post Trust Wallet Goes Dark on Chrome – $7 Million Hack Victims Still Waiting for Claims Tool appeared first on Cryptonews.

Source link