Trusted Wallet Faces Fake Invoicing Claims Following $7M Hack

Trust Wallet was moved to verification level after a Christmas Day exploit involving the browser extension. When thousands of wallets were identified, the company received more compensation requests than expected.

On Monday, TrustWallet CEO Eowyn Chen said the company had identified 2,596 wallet addresses linked to the compromised extension. Still, it received about 5,000 claims, a large number of which may be false or duplicate.

“For this reason, proper verification of wallet ownership is critical to ensure that funds are returned to the correct people,” Chen wrote. “Our team is working hard to verify claims, combining multiple data points to separate legitimate victims from malicious actors.”

The update shows that the response has shifted from estimating losses to an operational test of compensating users without exposing the process to abuse. Chen said the company is prioritizing accuracy over speed and plans to share more details as the investigation continues.

False claims follow $7 million browser extension hack

TrustWallet revealed on Friday that the browser extension was compromised by a targeted attack affecting desktop users. This resulted in a loss of 7 million dollars, which is fully covered by Binance co-founder Changpeng Zhao. Binance owns the Trust Wallet.

Cybersecurity firm SlowMist reported that the malicious extension exposed users' personal information to outsiders, posing a risk of internal intrusion.

Yu Xiam, co-founder of SlowMist, said the attacker apparently developed the exploit weeks ago and showed deep familiarity with the source code.

Onchain researcher ZackXBT previously estimated that hundreds of people were affected, while some industry observers argued that the attacker's ability to deliver malicious extension updates suggests access beyond a typical external hack.

Related: Ubisoft Halts Rainbow Six Siege After Hackers Give Each Player 13.3 Million Credits

While TrustWallet has confirmed the hack, the company has yet to confirm whether any insiders were involved. Chen said the team is currently conducting an extensive forensic investigation into the attack.

“This process is ongoing today and is being conducted along with the extensive forensic investigation,” Chen wrote. “While some data is still being finalized, we have strong hypotheses for some cases.”

Magazine: Koreans ‘pump' alts after Upbit hack, China BTC mining: Asia Express