Trust Wallet disclosed that hackers stole approximately $7 million during an attack that lasted about eight hours, targeting its browser extension. Analysts describe the incident as a classic supply-chain compromise, where attackers replaced a legitimate extension version with a malicious one, allowing them to drain user funds silently.
Investigators believe the operation was carefully prepared in advance. The attackers reportedly used external infrastructure and a lookalike domain to distribute the compromised extension, raising concerns within the crypto community about potential insider involvement. The method highlights growing risks around third-party tools and browser-based wallets.
Trust Wallet stated that user funds will be fully reimbursed once the investigation concludes. The company urged all users to immediately update the Chrome extension to version 2.69, stressing that strengthening extension security is now a top priority.
