Multi-chain non-custodial cryptocurrency wallet Trust Wallet has disclosed the theft of almost $7 million worth of digital assets following the compromise of version 2.68 of its Google Chrome extension, which has nearly a million users, reports The Hacker News. Hundreds of victims were noted by ZachXBT to have already been impacted by the incident, which blockchain security firm SlowMist said involved the inclusion of malicious code in the extension that triggered a mnemonic phrase request, as well as the exploitation of the posthog-js library for wallet user data gathering activities. “The attacker directly tampered with the application’s own code, then leveraged the legitimate PostHog analytics library as the dataexfiltration channel, redirecting analytic traffic to an attackercontrolled server,” said SlowMist. Around $4 million of the stolen proceeds have already been delivered to a trio of centralized exchanges, while the remaining funds continue to be in the attackers’ Bitcoin, EVM, and Solana wallets, according to PeckShield. Immediate updates to version 2.69 of the Chrome extension have been urged, with Trust Wallet also advising affected users to fill out a form on a dedicated support desk site to obtain compensation for the incident.
