Trust Wallet Browser Extension Compromised in $7M Hack, Binance to Cover Losses

Trust Wallet experienced a significant security breach affecting its Chrome browser extension, resulting in the theft of over $7 million in Bitcoin, Ethereum, BNB, and USDC, according to blockchain investigator ZachXBT ^[1].

The incident specifically targeted users of Browser Extension version 2.68, which was released on December 24. Multiple users reported unauthorized withdrawals from their wallets within hours of the update's rollout, with funds drained without approval transactions ^[1].

Binance co-founder Changpeng "CZ" Zhao confirmed that Trust Wallet will reimburse all affected users, stating "User funds are SAFU" in a December 26 social media post. The team is investigating how attackers managed to submit the compromised extension version ^[1].

Trust Wallet has urged users with version 2.68 to immediately disable the extension and upgrade to version 2.69. The company emphasized that mobile wallet users and other extension versions were not affected by the security incident ^[1].

ZachXBT identified several wallet addresses linked to the attack, including 0x3b09A3c9aDD7D0262e6E9724D7e823Cd767a0c74, which received funds from multiple compromised wallets. Users who may have been affected are advised to transfer remaining assets to new wallets created with fresh seed phrases ^[1].