Late in the evening on December 25, the crypto community began reporting widespread security breaches affecting Trust Wallet users. The incident has prompted immediate action from leadership and serves as a stark reminder of the risks associated with browser-based tools.
The Trust Wallet Breach
The alarm was first raised by on-chain sleuth ZachXBT, who pointed toward the most recent update of the Trust Wallet Chrome browser extension as the likely culprit. This theory was further detailed by a cybersecurity expert known as Akinator, who discovered a malicious script embedded in the upgrade. This script was designed to stealthily harvest wallet data and transmit it to a phishing website.
Key details of the impact:
- Confirmed Losses: Trust Wallet officially acknowledged the attack, noting that hundreds of users were affected, with total damages reaching approximately $7 million.
- Fund Tracking: Analytics firm Lookonchain identified the attacker’s addresses. They found that $4.2 million has already been laundered through various platforms, including KuCoin, HTX, FixedFloat, and ChangeNOW.
- Full Compensation: In a move to maintain community trust, Changpeng Zhao (CZ), the owner of Trust Wallet, has publicly committed to fully reimbursing all affected users.
Security Issues at Polymarket
Trust Wallet was not the only platform facing security headwinds this week. The decentralized prediction market Polymarket also reported unauthorized activity.
- The Problem: Numerous users complained of unauthorized login attempts and balances being wiped to zero.
- The Cause: While the Polymarket team has not released specific technical details, they attributed the breach to a vulnerability in a third-party service provider.
- Magic Labs Connection: Based on community feedback and reports, the issue appears to specifically impact users who utilized Magic Labs for their account authentication.