Trust Wallet Chrome extension hacked, $7 million lost
Trust Wallet's Chrome extension, owned by Binance, was hacked on December 24 in a supply chain attack.
Hackers used a leaked API key to sneak malicious code into the extension, stealing users' wallet phrases and draining $7 million in Bitcoin, Ethereum, and Solana from 2,596 wallets within a short period after the malicious extension's release.
What happened next?
The breach was traced to a backdoor hidden in a JavaScript file that sent stolen info to an attacker-controlled server.
Trust Wallet confirmed the hack on December 26 and asked users to update their Chrome extension (mobile apps were safe).
CEO Eowyn Chen shared that about 5,000 claims have been filed—some real, some not—and users need transaction hashes for verification.
Binance's CEO Changpeng Zhao promised all affected users will be reimbursed and stated "User funds are SAFU" while investigations continue.
The stolen crypto has already started moving through various platforms like ChangeNOW and KuCoin.