Trust Wallet has confirmed a vulnerability in version 2.68 of its Chrome extension, which allowed for the theft of funds. Learn the technical details, the fix in version 2.69, and the urgent protective measures.
The security of Trust Wallet users operating through the Google Chrome browser extension has been compromised following the deployment of a faulty update. The cryptocurrency wallet's development team recently confirmed the existence of a critical vulnerability in version 2.68 of the software, which allowed external actors to execute transactions and drain funds without requiring user approval or manual signature.
This security incident has generated an immediate response from the on-chain community and the company itself, who have urged all users of the desktop version to Update immediately to version 2.69.
Unlike phishing or social engineering attacks, this flaw resides in the application's official code, directly impacting the integrity of asset custody. It's important to note that the vulnerability is limited exclusively to the browser extension; the Trust Wallet mobile apps for iOS and Android are unaffected and remain secure. reported the company.
Trade crypto securely at Bit2MeThe vulnerability that exposed Trust Wallet users
The vulnerability in question was discovered through scattered reports from users who observed unexplained capital outflows in their balances. The situation escalated when the security researcher known as Zach XBT The report consolidated the complaints and issued a public alert. According to the expert's report, users who had received the automatic update of the Chrome extension to version 2.68 began experiencing unauthorized transfers a few hours after installation.
Although the origin of this vulnerability remains officially unconfirmed, it appears to be related to a failure in the signature validation logic within the extension. Under normal circumstances, any fund transfer requires the user to confirm the transaction using a password or biometric authentication in the interface. However, flawed code in version 2.68 allowed this critical step to be bypassed, leaving wallets vulnerable to scripts that could initiate transfers with the permissions of the active session.
Given the seriousness of the case, Trust Wallet released version 2.69 To correct the vulnerability, they asked users not to open the extension if they believed they were using the compromised update. Simply activating the interface could trigger the execution of pending malicious code.
The company explained that the safest way to resolve the problem was to force a browser update or reinstall the extension directly from the official store, verifying that it was the corrected version before re-entering credentials or unlocking funds.
This security incident has once again highlighted a lesson the crypto ecosystem tends to forget. Blockchain security remains intact, but the risk lies not in the network itself, but in the tools that connect it to users. No blockchain was compromised, but the software linking them failed, revealing that the system's strength is irrelevant if the interface that safeguards the private keys becomes the real vulnerability.
Buy crypto: manage your portfolio hereThe hidden risk in browser extensions
This security incident jeopardizes the common practice of handling large sums of cryptocurrency through web browsers like Chrome. The extensions we use to connect wallets operate with broad access, allowing them to read and alter data on any page we visit. This same flexibility, designed to expedite transactions, opens the door to serious problems if someone infiltrates their code. Cybersecurity specialists have been warning about this for some time. Updates represent the weakest link, because a single infected package in the development chain can instantly affect thousands of people.
Unlike standalone desktop applications or a disconnected cold wallet, these extensions share an always-online space exposed to scripts from across the internet. In recent months, the crypto world has seen a variety of attacks against them, from fake copies of popular extensions that capture private seeds to injections in trading tool updates. However, what makes this case unique is its legitimate origin. The problem arose in the official software, downloaded directly from the Chrome Web Store.
In light of this latest incident, blockchain transaction analysts insist that these dangers are inherent in the design of hot wallets—wallets that are always ready to operate with a single click. This speed expands the opportunities for attackers, and this event makes it clear that diversifying the custody of crypto assets is crucial. For high-net-worth individuals, it's advisable to avoid relying solely on tools with automatic updates beyond our direct control.
Join Bit2Me and trade cryptocurrenciesContainment measures and user perspectives
While the investigation continues to determine the source of the vulnerability and the full extent of the losses, attention is now focused on crisis management and support for the victims.
ZachXBT has taken the initiative to collect the affected addresses to trace the flow of stolen funds, a standard practice aimed at hindering money laundering by attackers. Simultaneously, the researcher has publicly questioned the Trust Wallet team about the possibility of compensating affected users, a sensitive issue that often defines the long-term reputation of service providers in this sector.
The company's support team has begun contacting affected users to advise them on the next steps, although the irreversible nature of blockchain transactions complicates the direct recovery of funds.
The general recommendation for those who suspect their digital wallet may have been compromised is to consider that address "burned" and move any remaining assets to a new address generated from a completely new seed phrase. Keeping the same address, even after updating the software, could represent an unnecessary residual risk.
Certificate
Blockchain Course
Basic levelTake this course where we explain blockchain in a clear, simple and concise way so that you have a very clear idea of what this new technology consists of.
