Trust Wallet Hack Shifts To Verification Amid Surge In False Claims
Trust Wallet said it has identified 2,596 compromised addresses following its Christmas Day exploit as investigators work to separate real victims from false claims.
Trust Wallet has moved into a verification phase after a Christmas Day exploit involving its browser extension; while thousands of wallets have been identified, the company has received far more reimbursement claims than expected.
On Monday, Trust Wallet CEO Eowyn Chen said the company had identified 2,596 wallet addresses tied to the compromised extension. Still, it has received almost 5,000 claims, suggesting a significant amount may be false or duplicate submissions.
“Because of this, accurate verification of wallet ownership is critical to ensure funds are returned to the right people,” Chen wrote. “Our team is working diligently to verify claims; combining multiple data points to distinguish legitimate victims from malicious actors.”
The update marks a shift in the response from estimating losses to managing the operational challenge of compensating users without exposing the process to abuse. Chen said the company is prioritizing accuracy over speed and plans to share additional details as the investigation continues.
Trust Wallet disclosed on Friday that its browser extension had been compromised in a targeted attack affecting desktop users. This resulted in $7 million in losses, which will be fully covered, according to Binance co-founder Changpeng Zhao. Binance owns Trust Wallet.
Cybersecurity firm SlowMist reported that the malicious extension also exported users' personal information, raising concerns about potential insider involvement.
SlowMist co-founder Yu Xiam said the attacker appeared to have prepared the exploit weeks in advance and showed deep familiarity with the source code.
Onchain investigator ZachXBT previously estimated that hundreds were affected, while some industry observers argued that the attacker's ability to submit a malicious extension update suggested access beyond a typical external hack.
Related: Ubisoft halts Rainbow Six Siege after hackers give each player $13.3M credits
Source: CoinTelegraph
