ZachXBT warns as Trust Wallet users report being completely drained of funds

Blockchain investigator ZachXBT reported on 25/12/2023 that many Trust Wallet users had lost funds illegally within just a few hours.

Affected users reported that assets in their wallets were withdrawn without permission.

Important security warning for Trust Wallet users

According to ZachXBT, the root cause has not yet been clearly identified. However, the timing of the incident has raised concerns among many. These incidents occurred shortly after the latest update of Trust Wallet for the Chrome extension just a day prior.

ZachXBT is currently collecting wallet addresses related to these thefts and is urging those affected to report for further investigation.

While Trust Wallet has yet to provide detailed technical information, this incident has drawn attention back to the safety of crypto wallets running on browsers.

Chrome extensions have deep access to the browser. Therefore, security experts always warn that just one malicious update or compromised component can put users at significant risk.

In recent months, there have been several high-profile attacks targeting wallet users through browser extensions.

Security companies have previously detected fake wallet extensions created to steal seed phrases, allowing hackers to fully restore wallets and withdraw all assets afterward.

In some other cases, the 'transaction support' extension may also modify transaction orders without the user's knowledge, quietly taking a small amount of money each time the user confirms a transaction.

In fact, cybersecurity experts have also noted many campaigns using seemingly legitimate browser extensions that later update to install malware, redirect access, or collect personal data.

Although not entirely focused on cryptocurrency, these forms can easily target wallet login sessions, transaction verification, or approval processes for transfer orders.

In such a context, reports about Trust Wallet have immediately raised concerns within the cryptocurrency community.

The community is advised to review transaction history, revoke unnecessary access rights, and temporarily refrain from signing new transactions until clearer information is available.

Those who suspect their wallets have been affected should transfer all assets to a newly created wallet from a completely new seed phrase.

At the time of writing, Trust Wallet has not confirmed whether the Chrome extension update is the direct cause of this incident.