Security Breach at Trust Wallet
In the wake of a significant security breach affecting Trust Wallet, Changpeng Zhao, the CEO of Binance, has assured users that their assets are secure, coining the phrase “SAFU” to describe the safety of their funds.
Details of the Exploit
Recently, an exploit was discovered in the Trust Wallet Browser Extension Version 2.68, leading to a massive theft that approximates $7 million. The vulnerability allowed attackers to siphon cryptocurrency from users’ wallets.
Response and Recommendations
Following this incident, Trust Wallet has acknowledged the breach and promptly released an updated and secured version, 2.69, to address the vulnerability. Users are strongly advised against accessing the compromised version 2.68 to prevent further exploitation. Even now, those who have this version installed on their desktop are advised to avoid interacting with the extension altogether, as doing so could alert the hackers and result in the loss of funds.
Investigation Findings
Initial estimates indicated that around $2.8 million had been appropriated, but further investigations by PeckShield revealed that the total could be as high as $6 million, a striking increase in the scale of the theft. Currently, about $2.8 million remains within the thief’s wallets across various blockchain platforms, including Bitcoin, EVM-compatible chains, and Solana. Meanwhile, more than $4 million has already been funneled towards centralized exchanges, with substantial sums sent to ChangeNOW, KuCoin, and FixedFloat.
Ongoing Investigation
The investigation into the breach is ongoing, with Binance’s team scrutinizing how the attackers managed to submit an updated version of the extension to the Chrome Web Store. This raises serious concerns over the integrity of the release pipeline, potentially implicating an insider with access credentials who may have intentionally or inadvertently facilitated the update. In light of these events, users are urged to remain vigilant about their digital asset security.
