The Trust Wallet browser plugin v2.68 has suffered approximately $8.5 million in losses due to a supply chain attack.
TL;DR
Trust Wallet's browser extension v2.68 was compromised in a supply chain attack, leading to unauthorized transactions and data theft affecting 2,520 addresses with $8.5 million in losses. The attack is linked to the Sha1-Hulud incident, and Trust Wallet has rolled back to secure v2.69 and started compensating users.
Tags
According to Foresight News , Trust Wallet announced that its browser extension version 2.68 was uploaded to the Chrome Web Store by attackers without internal review, and malicious code was injected, enabling it to execute transactions and steal wallet data without user authorization. The incident has been confirmed to have affected 2,520 wallet addresses, with total losses estimated at approximately $8.5 million. Preliminary investigations indicate that the attack is related to the Sha1-Hulud industry-wide supply chain incident that occurred in November. Trust Wallet has rolled back the extension to the secure version 2.69 and initiated the compensation process for affected users.