Trust Wallet Hack 🚨: Crypto Users Warned! 💰

Wallet Chaos: Trust Wallet Users Face Massive Drain Attacks
Several users of the Trust Wallet Chrome extension have reported that their cryptocurrency wallets were drained following the installation of a compromised extension update released on December 24th, triggering an immediate response from the company and cautionary warnings for affected users.

Phishing Scam Amplifies the Damage
Simultaneously, BleepingComputer observed threat actors deploying phishing domains falsely claiming to offer a “vulnerability” fix, which instead resulted in further drained wallets. Users were directed to suspicious websites, like fix-trustwallet[.]com, that mimicked Trust Wallet’s branding and requested their wallet recovery seed phrase.

Hidden Exfiltration: The Root of the Problem
Security analyst Akinator advised users to refrain from using the Trust Wallet Chrome extension until the issue is resolved. The problematic logic resides in a bundled JavaScript file named 4482.js, containing tightly packed code designed to exfiltrate sensitive wallet data to an external server at api.metrics-trustwallet[.]com.

A Race Against Time: Trust Wallet Responds
Yesterday evening, Trust Wallet confirmed that a “security incident” had affected version 2.68.0 of its Chrome extension, advising users to update immediately to version 2.69 to resolve the issue. This rapid response, coupled with user-guided instructions, attempted to stem the damage and prevent further exploitation.

Urgent Security Measures: Protecting Your Assets
To help secure your wallet, Trust Wallet recommends: “Until you have updated, do not open the Trust Wallet Browser Extension on your desktop device to ensure the security of your wallet and prevent further issues.” Users are advised to follow the step-by-step update guide as soon as possible. Official Trust Wallet Browser Extension: To address potential security concerns, users are directed to chrome://extensions/?id=egjidjbpglichdcondbcbdnbeeppgdph.