Multiple users reported their Trust Wallet Chrome extension was compromised on December 24, leading to over $6 million in stolen cryptocurrency assets. Threat actors exploited a malicious update and a phishing campaign to exfiltrate wallet data and trick users into revealing seed phrases. #TrustWallet #ChromeExtensionSecurity
Keypoints
- Trust Walletβs Chrome extension was compromised after a December 24 update, leading to wallet drain incidents.
- Threat actors embedded suspicious code in version 2.68.0, which exfiltrated sensitive wallet data to a malicious domain.
- Security researchers confirmed that the exfiltration targeted seed phrases, enabling full wallet access for attackers.
- Trust Wallet issued a security alert, advising users to upgrade to version 2.69 for protection.
- Attackers launched a phishing scam via fake βsecurity fixβ websites requesting seed phrases to steal funds.