Key Insights:
- On-chain sleuth ZachXBT reported on Christmas night that several Trust Wallet had been ‘drained’.
- Trust Wallet reported a ‘security incident’ affecting its browser extension version 2.68. Trust Wallet warned users to upgrade to version 2.69 and disable their 2.68 version wallets.
- Binance co-founder Changpeng Zhao or “CZ” said that $7 million was affected in the hack and that Trust Wallet would cover losses.
For some Trust Wallet users, Christmas turned into a setback, as hackers managed to steal around $7 million from user wallets. Users of Version 2.68 of Trust Wallet Browser extension were affected; mobile-only and other browser extension versions were unaffected, as per Trust Wallet.
ZachXBT said that he was likely the first to be contacted by users who were affected.
Meanwhile, ZachXBT reported the hack via Telegram on December 25, highlighting 11 Ethereum Virtual Machine (EVM) addresses, six bitcoin addresses, and 1 Solana address.
Users of Trust Wallet Browser Extension Version 2.68 Affected
ZachXBT has reported a flurry of addresses are connected to the hacker. The following addresses are:
EVM:
- 0x3b09A3c9aDD7D0262e6E9724D7e823Cd767a0c74
- 0x463452C356322D463B84891eBDa33DAED274cB40
- 0xa42297ff42a3b65091967945131cd1db962afae4
- 0xe072358070506a4DDA5521B19260011A490a5aaA
- 0xe072358070506a4DDA5521B19260011A490a5aaA
- 0xc22b8126ca21616424a22bf012fd1b7cf48f02b1
- 0x463452c356322d463b84891ebda33daed274cb40
- 0x109252d00b2fa8c79a74caa96d9194eef6c99581
- 0x30cfa51ffb82727515708ce7dd8c69d121648445
- 0x4735fbecf1db342282ad5baef585ee301b1bce25
- 0xf2dd8eb79625109e2dd87c4243708e1485a85655
Bitcoin:
- bc1qjj7mj50s2e38m4nn7pt2j0ffddxmuxh2g8tyd8
- bc1ql9r9a4uxmsdwkenjwx7t5clslsf62gxt8ru7e8
- bc1q4g8u7kctk6f2x3f6nh43x76qm4fd0xyv3jugdy
- bc1qw7s35umfzgcc7nmjdj9wsyuy9z3g6kqjr0vc7w
- bc1qgccgl9d0wzxxnvklj4j55wqeqczgkn6qfcgjdg
- bc1q3ykewj0xu0wrwxd2dy4g47yp75gxxm565kaw6m
Solana:
- HoQ6z1wW3LUnEGHnseC3ND3PoC6i6RghMCphHhK42FEH
Binance founder Changpeng Zhao (CZ) also said that investigations were going on to identify how hackers ‘were able to submit a new version’.
The Binance co-founder is also the owner of Trust Wallet. Changpeng CZ Zhao noted that the funds were “SAFU”, which is slang for Secure Asset Funds for Users.
However, SAFU is also slang for ‘safe’. In other words, CZ said that users who lost funds in the hack will be compensated in full.
Meanwhile, it is unclear if version 2.68 was an entirely corrupted version pushed out by the hacker or if it was hacked post-release. However, CZ’s post suggests that the hacker(s) managed to push out an infected extension.
In their X post, Trust Wallet noted that mobile-only users and other browser extension versions were unaffected.
Presently, version 2.69 of Trust Wallet is available to download on Google Chrome Web Store. The update was released on December 26th, as shown on Chrome Web Store.
Meanwhile, replying to a query by ZachXBT on X, Trust Wallet said that it was in touch with affected users.
According to the Google Chrome Web Store, the Trust Wallet Chrome extension has 1 million downloads. It has a rating of 3.2 stars out of five stars based on 1,100 reviews.
Meanwhile, as per Play store, the official Android application store, Trust Wallet has over 50 million downloads. It has a rating of 4.5 stars based on 2.4 million reviews.
Stolen Funds are Being Transferred to Non-KYC Exchanges
Lookonchain, an on-chain analyst, highlighted that the attacker had transferred $4.25 million to ChangeNOW, FixedFloat, KuCoin, and HTX.
Meanwhile, ChangeNOW and FixedFloat are non-Know Your Customer (KYC), non-custodial centralized exchanges. A non-custodial exchange does not hold users’ private keys. On the other hand, KuCoin and HTX are centralized custodial exchanges with KYC requirements.
Non-KYC exchanges could offer the hacker a greater level of anonymity than KYC exchanges. This has also fueled tensions among traders amid the Trust Wallet related event.
Meanwhile, $3.17 million out of the $4.5 million in stolen funds were transferred to ChangeNOW. Less than half a million each was transferred to KuCoin, FixedFloat, and HTX.
The hacker held roughly $1.2 million in various cryptos, including Bitcoin (BTC), Ethereum (ETH), BNB etc.