After its Christmas Day hack, Trust Wallet stated it found 2,596 affected addresses. Investigators are now trying to figure out who the real victims are and who is making fake claims.
After a Christmas Day attack involving their browser extension, Trust Wallet has entered the verification process. The company has found thousands of wallets, but it has received far more refund requests than it expected.
Trust Wallet CEO Eowyn Chen stated on Monday that the company had found 2,596 wallet addresses linked to the hacked extension. It has had approximately 5,000 claims, though, which means that a lot of them might be fake or duplicate submissions.
Chen said, “So it’s vital to ensure the right people get a refund.” Our team is working hard to check claims by looking at multiple sources of information to tell the difference between real victims and bad actors.
The upgrade changes the response from figuring out how much money users lost to figuring out how to pay them without letting the process be abused. Chen added that the corporation is putting accuracy ahead of speed and would give more information as the probe goes forward.
Source: Eowyn Chen
Extension exploit raises concerns over Insider access
Trust Wallet announced on Friday that a targeted attack had hacked its browser extension, affecting only desktop users. Changpeng Zhao, co-founder of Binance, which owns Trust Wallet, said that this cost $7 million, but the exchange will pay for it all.
According to the cybersecurity company SlowMist, the malicious extension also sent out customers’ private information, which makes people worry that someone inside the company might be involved.
Yu Xiam, one of the founders of SlowMist, said that the attacker seemed to have planned the exploit weeks in advance and knew the source code quite well.
Onchain investigator ZachXBT had said that hundreds of people were affected, but some people in the industry said that the attacker’s ability to submit a malicious extension update showed that they had access beyond what a normal external hack would have.
Forensic investigation ongoing as Trust Wallet reviews internal controls
Trust Wallet has confirmed the attack, although the company has not yet said whether any employees were involved. Chen noted that the team is now looking into the attack in a more general way.
Chen added, “This process is still going on today and is being done at the same time as the larger forensic investigation.” “We already have strong working hypotheses for some of the cases, even though some data is still being finalised.”