The Trust Wallet update includes a feature to help victims of the $7 million Christmas hack submit reimbursement claims for lost funds.
The Trust Wallet browser extension for Google Chrome Web Store is “temporarily unavailable,” delaying the release of a new version that includes tools for victims of a recent hack, according to Trust Wallet CEO Eowyn Chen.
“We hit a Chrome Web Store bug while releasing a new version,” Chen said in an X post, adding that the delayed release includes a feature to help victims of the Christmas Day hack verify and submit their reimbursement claims. She said on Sunday:
“So far, we’ve identified 2,596 affected wallet addresses. From this group, we’ve received around 5,000 claims, which indicates a significant number of false or duplicate submissions attempting to access victims’ reimbursements.”
Chen also warned users to be “alert” to fake Trust Wallet browser extensions on the Chrome Web Store until the latest version is uploaded.
The Trust Wallet was hacked on Christmas, draining over $7 million in user funds, which Trust Wallet agreed to reimburse to the injured parties. The incident highlights the danger of crypto wallet browser extensions and hot wallets connected to the internet.
Related: North Korea-linked theft and poor key security dominate Web3 losses: Hacken
Trust Wallet releases post-mortem report; CZ says hacker may have been an insider
The attacker likely compromised the wallet through the “Sha1-Hulud” supply chain exploit that affected the entire crypto industry by compromising the npm software packages used by blockchain application developers, according to Trust Wallet’s incident report.
Trust Wallet’s GitHub development “secrets” were leaked in the Sha1-Hulud incident, which gave the threat actor access to Trust Wallet’s browser extension source code and the Chrome Web Store application programming interface (API) key, the report said.
The hacker then used the API key to upload a malicious version of the Trust Wallet browser extension to the Chrome Web Store, according to the report.
“This kind of ‘hack’ is not natural. The chances of an insider are high,” intergovernmental blockchain adviser Anndy Lian said after the hack.
Binance co-founder CZ agreed that the hacker was likely an insider due to their familiarity with Trust Wallet’s code.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
