Trust Wallet Contends with Fraudulent Reimbursement Requests After $7M Theft

Trust Wallet has entered a verification phase following a Christmas Day exploit related to its browser extension; although thousands of wallets are involved, the company has received significantly more reimbursement claims than anticipated.

On Monday, Trust Wallet CEO Eowyn Chen announced that the company had identified 2,596 wallet addresses linked to the compromised extension. However, nearly 5,000 claims have been filed, indicating that many may be erroneous or duplicated.

“Thus, verifying wallet ownership accurately is essential to ensure that funds are returned to their rightful owners,” Chen noted. “Our team is diligently working to validate claims by utilizing multiple data points to differentiate genuine victims from malicious actors.”

This update signals a transition from loss estimates to addressing the operational challenge of compensating users while preventing potential abuses during the process. Chen mentioned that the company is prioritizing accuracy over speed and intends to provide more details as the investigation progresses.

False Claims Arise After $7 Million Browser Extension Hack

Trust Wallet revealed on Friday that its browser extension had been compromised in a deliberate attack targeting desktop users, resulting in a loss of $7 million, which will be completely reimbursed, according to Binance co-founder Changpeng Zhao. Binance owns Trust Wallet.

The cybersecurity firm SlowMist reported that the malicious extension also harvested users’ personal information, raising alarms about potential insider involvement.

SlowMist co-founder Yu Xiam stated that the attacker seemed to have organized the exploit weeks in advance, demonstrating a deep understanding of the source code.

Onchain investigator ZachXBT had estimated that hundreds of users were impacted, while some industry experts noted that the attacker’s ability to submit a malicious extension update suggested an access level beyond that of a typical external hack.

Related: Ubisoft halts Rainbow Six Siege after hackers give each player $13.3M credits

While Trust Wallet has confirmed the hack, the company has yet to determine whether any insiders were involved. Chen indicated that the team is currently conducting a more extensive forensic investigation into the attack.

“This process is still underway today and is being conducted alongside the broader forensic examination,” Chen explained. “While some data is being finalized, we already have robust working hypotheses for a portion of the cases.”