Trust Wallet Brings Back Browser Extension With New Security Controls
Trust Wallet has brought its Chrome browser extension back online after a weeks-long disruption tied to a highly coordinated supply-chain attack, marking a critical step in its recovery from one of the most damaging wallet exploits of the year.
The restored release is designed not just to resume normal use, but to fix a problem that emerged after the hack: separating real victims from a surge of fraudulent reimbursement claims.
Key takeaways
- Trust Wallet’s Chrome extension is live again after a supply-chain breach tied to roughly $8.5 million in losses.
- The new release adds in-extension verification to confirm wallet ownership for reimbursements.
- The attack stemmed from a compromised browser extension, not the mobile apps.
- An unusually high number of false or duplicate claims forced stricter verification measures.
The newly published version 2.71.0 introduces an in-extension verification code system that allows Trust Wallet’s support team to confirm wallet ownership directly. The company says this feature is essential to restarting reimbursements after receiving far more claims than confirmed victims.
Eowyn Chen said the extension’s brief disappearance from the Chrome Web Store was caused by a platform-side issue encountered while rolling out the update. Google acknowledged the problem and escalated it internally, allowing the extension to return. Chen also urged users to be cautious, warning that fake or malicious look-alike extensions often appear after high-profile incidents.
A Christmas Attack Months in the Making
The incident traces back to Christmas Eve, when attackers quietly distributed a tampered version 2.68 of Trust Wallet’s browser extension. Over roughly 48 hours, users who installed or updated to the compromised version saw funds drained across multiple blockchain networks, with total losses estimated near $8.5 million.
Trust Wallet later confirmed that just over 2,500 wallet addresses were affected. Investigators believe the attack was connected to the November Sha1-Hulud supply-chain compromise, which targeted the npm software ecosystem and impacted thousands of crypto-related repositories. Security researchers noted that the attackers had prepared infrastructure weeks in advance, staging systems as early as December 8.
Once the exploit was identified, white-hat researchers attempted to disrupt the attackers’ servers with denial-of-service actions, helping limit further losses. Trust Wallet rushed out a replacement release, but an additional bug delayed a full restoration until now.
Reimbursements Meet a Second Threat
While Trust Wallet stressed that only the browser extension was affected — and that its mobile apps remained safe — the aftermath created a new challenge. Despite identifying fewer than 2,600 affected wallets, the company received more than 5,000 reimbursement claims.
Owned by Binance but operating independently, Trust Wallet confirmed that all verified victims will be reimbursed, a commitment echoed publicly by Changpeng Zhao. However, Chen acknowledged that duplicate and fraudulent claims forced the platform to tighten its verification process.
The verification-code feature embedded in version 2.71.0 is intended to resolve that bottleneck by tying claims directly to affected wallets, reducing the risk of false payouts.
Beyond the immediate recovery, the episode highlights a broader issue facing crypto users: browser extensions remain a high-risk surface, especially when attackers exploit the software supply chains developers rely on. For Trust Wallet, restoring the extension is only the first step — rebuilding user trust after a supply-chain breach may take far longer.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Alexander Zdravkov is a person who always looks for the logic behind things. He has more than 3 years of experience in the crypto space, where he skillfully identifies new trends in the world of digital currencies. Whether providing in-depth analysis or daily reports on all topics, his deep understanding and enthusiasm for what he does make him a valuable member of the team.
