SlowMist CISO: Trust Wallet-related developer devices or code repositories may be compromised by attackers.
TL;DR
Trust Wallet developer devices or code repositories may have been compromised, leading to a backdoor in browser extension version 2.68.0 that steals private information. Users lost over $6 million; disconnect and check devices immediately.
According to 23pds, Chief Information Security Officer of Odaily Technology, their analysis suggests that the devices or code repositories of Trust Wallet developers may have been compromised by attackers. Users are advised to disconnect from the internet and check the devices of relevant personnel immediately.
Previously, on-chain analyst Yu Xian posted on X that Trust Wallet browser extension version 2.68.0 contained a backdoor and that the fixed version is 2.69.0. A code comparison showed that the backdoor added a PostHog plugin that collects wallet users' private information (including seed phrases) and sends it to the attacker's server, api.metrics-trustwallet[.]com.
According to the estimated timeline, the attackers began preparations on December 8th, successfully implanted the backdoor on December 22nd, and began transferring funds on December 25th. According to zachxbt, users have lost over $6 million.