In a significant cyberattack, Trust Wallet users lost $8.5 million in cryptocurrency, a loss attributed to the ongoing Shai-Hulud npm supply-chain attack campaign. The incident highlights the growing threats facing digital wallet providers and the need for robust security measures.
Details of the Trust Wallet Attack
Trust Wallet reported that the attack was made possible by unauthorized access to the source code of its browser extension. During one phase of the Shai-Hulud attack, the attackers obtained Trust Wallet’s Chrome Web Store API key. With that key they built a compromised version of the extension containing a backdoor that exfiltrated sensitive wallet data from users, and published it to the Chrome Web Store as if it were a legitimate release.
To date, Trust Wallet has identified 2,520 compromised wallet addresses, resulting in the theft of approximately $8.5 million. Concerned about user safety, the company has committed to refunding those affected by the breach.
Timeline of the Incident
The breach began over the Christmas period when an unauthorized version of Trust Wallet’s browser extension (version 2.68) was uploaded to the Chrome Web Store on December 24. This version bypassed the mandatory review process, thus allowing a direct attack on users. Once users logged into the compromised version, attackers could access sensitive wallet data and make unauthorized transactions.
Most intriguingly, the drained assets were tied to just 17 wallet addresses associated with the attacker. However, the impact extended beyond them, affecting additional wallet addresses not related to Trust Wallet. The team is diligently monitoring other potentially affected addresses and plans to provide updates as new information becomes available.
Who’s Affected?
The attack specifically affected users of Trust Wallet browser extension version 2.68 who logged in between December 24 and December 26. Users of the Trust Wallet mobile app, or of other browser extension versions, were not impacted during this period. Users of the affected version who did not reconnect until after 11:00 UTC on December 26 also remained safe.
Trust Wallet has urged users who received notifications through the mobile app or saw security alerts on the browser extension to assess their wallets for possible compromise. Affected users are advised to transfer their funds to newly created wallets, following the outlined steps from Trust Wallet, and to file for reimbursement for lost assets.
Community Response to the Attack
In a notable display of community solidarity, white hat hackers stepped in to mitigate the damage. As details of the attack emerged, these security researchers initiated DDoS (Distributed Denial of Service) attacks targeted at the attacker’s infrastructure to limit further harm. Trust Wallet officials indicated that the exposure of their developer GitHub secrets during the November attack had opened the door for this latest compromise, facilitating unauthorized API access and allowing the attackers to upload the malicious browser extension without proper oversight.
The Attacker’s Tactics
According to Trust Wallet, the attackers registered a domain, metrics-trustwallet.com, intended to host their malicious code and further integrate it into the compromised browser extension. This strategic move allowed for the seamless execution of the malicious version, leading to significant losses for unsuspecting users.
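The attacker-registered domain named above is a concrete indicator a defender can hunt for. The following is an added example, not code from the article or from Trust Wallet: it scans DNS or proxy log lines for that domain and for other hosts that carry the brand string but are not on an allowlist of legitimate domains. The log format, the allowlist, the sample log lines and their timestamps are all constructed assumptions for this example.

```python
"""Hunt for the attacker domain from the article, plus brand lookalikes, in DNS/proxy logs.

Added example; not from the article or from Trust Wallet. The log format,
allowlist and sample lines below are assumptions constructed for illustration.
"""
import re
from typing import Dict, List

# Indicator taken from the article: the domain the attackers registered.
KNOWN_BAD_DOMAINS = {"metrics-trustwallet.com"}

# Assumed allowlist of legitimate brand domains (illustrative, not authoritative).
ALLOWLIST = {"trustwallet.com"}

# Brand string used to spot lookalike hosts that are neither known-bad nor allowed.
BRAND = "trustwallet"

# Assumed log format: "<timestamp> <client-ip> <queried-host>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<host>\S+)$")


def _matches(host: str, domains: set) -> bool:
    """True if host equals one of the domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_host(host: str) -> str:
    """Return 'known-bad', 'allowed', 'lookalike' or 'other' for a hostname."""
    host = host.lower().rstrip(".")
    if _matches(host, KNOWN_BAD_DOMAINS):
        return "known-bad"
    if _matches(host, ALLOWLIST):
        return "allowed"
    if BRAND in host:
        return "lookalike"
    return "other"


def scan_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return the log entries whose host is known-bad or a brand lookalike."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole scan
        verdict = classify_host(m.group("host"))
        if verdict in ("known-bad", "lookalike"):
            hits.append({"ts": m.group("ts"), "client": m.group("client"),
                         "host": m.group("host"), "verdict": verdict})
    return hits


# Constructed sample log (timestamps, client IPs and hosts are made up for this example).
SAMPLE_LOG = [
    "2025-12-24T13:02:11Z 10.0.0.12 app.trustwallet.com",
    "2025-12-24T13:02:15Z 10.0.0.12 metrics-trustwallet.com",
    "2025-12-24T13:03:40Z 10.0.0.33 cdn.metrics-trustwallet.com",
    "2025-12-25T09:10:02Z 10.0.0.45 trustwallet-update.example",
    "2025-12-25T09:11:00Z 10.0.0.45 example.org",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['host']} -> {hit['verdict']}")
```

Known-bad matches are checked before the allowlist so a subdomain of the attacker domain can never be whitelisted by accident, and the lookalike rule catches hosts that reuse the brand name without being on the allowlist, which is worth a review queue rather than an automatic block.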
On the day following the malicious release, reports of wallet draining began to surface as users like 0xAkinator and ZachXBT began flagging the issues. Trust Wallet’s partners, including Hashdit, along with internal alerts, helped identify the suspicious activity and the attacker’s wallet addresses soon thereafter.
Following the attack, Trust Wallet quickly reverted the browser extension to a trusted version and issued upgrade instructions to users to ensure their safety.
Ongoing Vigilance Required
As cyber threats continue to evolve, both users and companies need to remain vigilant. Trust Wallet’s experience serves as a reminder of the essential cybersecurity practices users must adopt and the continual need for service providers to reinforce their security protocols.