Trust Wallet Chrome Extension Hack: $7 Million Crypto Theft via Compromised Update

On December 24, 2023, Trust Wallet confirmed a security incident where a compromised update to its Chrome browser extension resulted in approximately $7 million in cryptocurrency theft. This supply chain attack demonstrates the critical risks associated with browser extension ecosystems. The malicious update, distributed through official channels, drained users' wallets shortly after installation. BleepingComputer's investigation identified a phishing domain used by attackers, though technical details about the infection vector and theft mechanisms remain undisclosed. This incident underscores the inherent security challenges of browser extensions, which often require broad permissions and can be updated without user interaction. For cybersecurity professionals, this highlights the importance of extension code signing verification, rigorous update processes, and user education about phishing risks. The cryptocurrency sector remains a prime target for financially motivated threat actors, with browser-based wallets presenting particularly attractive attack surfaces. Organizations should reconsider extension usage policies and implement additional monitoring for cryptocurrency-related browser activities.