Back
Trust Wallet to Compensate Users Affected by Chrome Extension Security Flaw

Trust Wallet to Compensate Users Affected by Chrome Extension Security Flaw

According to Trust Wallet, $8.5 million was stolen via leaked API keys in a v2.68 extension breach linked to a prior supply-chain attack, with compensation and security updates underway.

Fact Check
The statement is assessed as highly likely to be true based on consistent and direct evidence from multiple authoritative sources. Four separate, high-authority news outlets in the finance and cryptocurrency space (The Block, Finance Magnates, Bitget, and Ainvest) explicitly report that Trust Wallet and its parent company, Binance, have committed to compensating affected users. The reports are specific, mentioning figures around $6-7 million and citing assurances from Binance's CEO and the use of Binance's SAFU fund for the reimbursement. Sources that do not mention the compensation plan primarily focus on the initial discovery and impact of the security flaw. Their omission does not contradict the claim but rather suggests they may have been published before the company's official response and compensation plan were announced. There is no conflicting evidence presented across any of the relevant sources. Several provided sources were correctly identified as completely irrelevant to the topic and were disregarded. The weight and consistency of the direct evidence from credible publications strongly support the truthfulness of the statement.
Summary

Trust Wallet announced that its browser extension version v2.68 was compromised between December 24 and 26, resulting in $8.5 million stolen from 2,520 wallets. The breach used leaked API keys tied to November’s ‘Sha1-Hulud’ supply-chain incident, involving stolen GitHub and Chrome Web Store API access. Trust Wallet released v2.69 to fix the issue, initiated compensation for verified victims, and is reviewing over 5,000 claims. Users are urged to move funds from potentially compromised wallets and submit claims via the official form.

Terms & Concepts
  • Trust Wallet: A cryptocurrency wallet service owned by Binance that supports multiple digital assets and allows users to store, send, and receive cryptocurrencies.
  • Browser extension: A software add-on that extends the functionality of a web browser, in this case providing cryptocurrency wallet features directly in-browser.
  • Supply-chain attack: A cyberattack targeting vulnerabilities in a software supply chain, often by compromising third-party tools or code repositories.