{"id":106,"date":"2025-12-29T16:36:23","date_gmt":"2025-12-29T16:36:23","guid":{"rendered":"https:\/\/1stblock.info\/?p=106"},"modified":"2025-12-29T16:36:23","modified_gmt":"2025-12-29T16:36:23","slug":"trust-wallet-security-crisis-and-polymarket-vulnerabilities","status":"publish","type":"post","link":"https:\/\/1stblock.info\/?p=106","title":{"rendered":"Trust Wallet Security Crisis and Polymarket Vulnerabilities"},"content":{"rendered":"\n<p>Late in the evening on December 25, the crypto community began reporting widespread security breaches affecting <strong>Trust Wallet<\/strong> users. The incident has prompted immediate action from leadership and serves as a stark reminder of the risks associated with browser-based tools.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Trust Wallet Breach<\/h3>\n\n\n\n<p>The alarm was first raised by on-chain sleuth <strong>ZachXBT<\/strong>, who pointed toward the most recent update of the <strong>Trust Wallet Chrome browser extension<\/strong> as the likely culprit. This theory was further detailed by a cybersecurity expert known as <strong>Akinator<\/strong>, who discovered a malicious script embedded in the upgrade. This script was designed to stealthily harvest wallet data and transmit it to a phishing website.<\/p>\n\n\n\n<p><strong>Key details of the impact:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Confirmed Losses:<\/strong> Trust Wallet officially acknowledged the attack, noting that hundreds of users were affected with total damages reaching approximately <strong>$7 million<\/strong>.<\/li>\n\n\n\n<li><strong>Fund Tracking:<\/strong> Analytics firm <strong>Lookonchain<\/strong> identified the attacker&#8217;s addresses. They found that <strong>$4.2 million<\/strong> has already been laundered through various platforms, including KuCoin, HTX, FixedFloat, and ChangeNOW.<\/li>\n\n\n\n<li><strong>Full Compensation:<\/strong> In a move to maintain community trust, <strong>Changpeng Zhao (CZ)<\/strong>, the owner of Trust Wallet, has publicly committed to <strong>fully reimbursing all affected users<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security Issues at Polymarket<\/h3>\n\n\n\n<p>Trust Wallet was not the only platform facing security headwinds this week. The decentralized prediction market <strong>Polymarket<\/strong> also reported unauthorized activity.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The Problem:<\/strong> Numerous users complained of unauthorized login attempts and balances being wiped to zero.<\/li>\n\n\n\n<li><strong>The Cause:<\/strong> While the Polymarket team has not released specific technical details, they attributed the breach to a <strong>vulnerability in a third-party service provider<\/strong>.<\/li>\n\n\n\n<li><strong>Magic Labs Connection:<\/strong> Based on community feedback and reports, the issue appears to specifically impact users who utilized <strong>Magic Labs<\/strong> for their account authentication.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Late in the evening on December 25, the crypto community began reporting widespread security breaches affecting Trust Wallet<\/p>\n","protected":false},"author":2,"featured_media":107,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2],"tags":[],"class_list":["post-106","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-last-news"],"brizy_media":[],"_links":{"self":[{"href":"https:\/\/1stblock.info\/index.php?rest_route=\/wp\/v2\/posts\/106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/1stblock.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/1stblock.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/1stblock.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/1stblock.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=106"}],"version-history":[{"count":1,"href":"https:\/\/1stblock.info\/index.php?rest_route=\/wp\/v2\/posts\/106\/revisions"}],"predecessor-version":[{"id":108,"href":"https:\/\/1stblock.info\/index.php?rest_route=\/wp\/v2\/posts\/106\/revisions\/108"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/1stblock.info\/index.php?rest_route=\/wp\/v2\/media\/107"}],"wp:attachment":[{"href":"https:\/\/1stblock.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/1stblock.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/1stblock.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}