Trust Wallet confirmed a critical flaw in extension version 2.68, with over $6 million stolen, prompting urgent upgrades and highlighting ongoing PostHog-related data collection risks.
Trust Wallet acknowledged a security vulnerability in browser extension version 2.68 that enabled attackers to steal over $6 million in crypto assets. Users are advised to disable the compromised version and upgrade to 2.69 via the official Chrome Web Store. SlowMist’s analysis indicated that a malicious PostHog script was embedded in the extension to collect sensitive wallet information, with evidence suggesting attackers were familiar with the extension’s source code. The patched release still contains the PostHog JS component, raising continued security concerns.