@TrustWallet has officially opened its compensation process for users affected by the malware incident that caused roughly $7 million in losses during Christmas.
🔷 Trust Wallet confirmed it will fully reimburse 100% of affected users. Victims can submit claims via the official support form, providing their email, country, affected wallet address, hacker wallet address, and transaction hash.
🔷 The malware was embedded in browser extension version 2.68 (Dec 24) due to a leaked Chrome Web Store API key, which allowed a malicious release to bypass internal security checks.
🔷 About $7 million in digital assets across multiple chains (Bitcoin, Ethereum, Solana) were stolen. According to PeckShield, over $4 million has already been moved through CEXs (ChangeNOW, FixedFloat, KuCoin), while around $2.8 million remains in the attacker's wallet.
🔷 The attack leveraged a modified open-source analytics library to collect seed phrases and send them to the attacker's server (per SlowMist).
🔷 Only desktop Chrome extension users who logged in before 6:00 PM (VN time) on Dec 26 were affected. Mobile apps and other versions were not impacted.
🔷 Trust Wallet patched the issue starting from v2.69 and recommends users upgrade to v2.89.
🔷 CZ confirmed that Trust Wallet will cover all user losses using the SAFU fund.
