Trust Wallet, a popular cryptocurrency wallet, recently had a security problem that affected one of its browser extensions. Some users noticed that their digital money was taken from their wallets very quickly. These issues were reported by ZachXBT, an investigator who studies blockchain activities.
Trust Wallet is a tool that helps users safely store, send, and receive cryptocurrencies. You can learn more about it here.
What Happened?
Users suddenly found their money missing from their wallets. ZachXBT noticed that these problems happened after a new update was made to the Trust Wallet browser extension for Chrome. A browser extension is a small software program you can add to your web browser to give it extra features. Read more about browser extensions here.
Shortly after ZachXBT raised the alarm, a company called SlowMist, which focuses on blockchain security, explained what might have gone wrong. Blockchain security means keeping digital transactions safe and protected from unauthorized access. Learn more about blockchain security here.
According to SlowMist, the vulnerable version was 2.68 of the Trust Wallet browser extension. This version might have been attacked through a supply chain attack. A supply chain attack happens when hackers harm a system by getting into less secure parts of it. Discover more about supply chain attacks here.
How Did This Happen?
In this case, the attackers might have added harmful computer code into the browser extension. When users opened their wallet, this code could steal their seed phrases. A seed phrase is a set of secret words that help someone access their cryptocurrency wallet. If someone gets your seed phrase, they can get to your money. See what a seed phrase is here.
What Is Trust Wallet Doing About It?
Trust Wallet shared a message about the problem. They said the issue only impacted the Chrome browser extension version 2.68. Users who store their money on mobile apps or use other versions of the extension were not affected. Trust Wallet asked users of the affected version not to open the extension and to quickly update it to version 2.69 through the official Chrome Web Store.
Additionally, ZachXBT later shared that people who lost money in this attack would be paid back.
What Did Binance’s Founder Say?
Changpeng Zhao, also known as CZ, is the founder of Binance, which owns Trust Wallet. He talked about the situation publicly. CZ said that Trust Wallet would pay for the losses caused by this issue. He also reassured users that their money would still be safe. Learn more about CZ here.
CZ estimated that about $7 million was lost in this incident. He called it a hack and suggested there might have been internal involvement. This means someone with inside knowledge of how Trust Wallet works might have been involved in the attack.
How Common Are Such Hacks?
This problem with Trust Wallet highlights growing worries about the safety of browser-based wallets. These wallets are often targeted through supply chain attacks, like in this case, or malicious updates.
In general, hacking and stealing in the cryptocurrency world have been increasing. A company called Chainalysis studies blockchain data. They estimated that from January to early December of this year, over $3.4 billion worth of cryptocurrency was stolen. This is slightly more than the $3.38 billion stolen in the same time period last year. You can read more about Chainalysis here.
Interestingly, personal wallets have become a bigger target for thieves. Last year, personal wallets made up just 7.3% of total stolen cryptocurrency value. This year, that number jumped to 44%.
Conclusion
The Trust Wallet security issue shows how important it is to stay vigilant in the cryptocurrency world. Users should always update their software, use trustworthy tools, and avoid sharing their seed phrases. The incident also reminds companies to take extra care in protecting user funds from hackers, especially as new threats like supply chain attacks continue to rise.