Eowyn Chen, CEO of Trust Wallet, a standalone crypto wallet in the Binance ecosystem whose Google Chrome extension was compromised yesterday, shares the first details of its refund roadmap. Meanwhile, it is still unclear how the attackers managed to inject malicious code into the plugin version.
Trust Wallet has launched a cashback program, says CEO Éowyn Chen
All Trust Wallet users who lost their funds following the Google Chrome extension hack from December 24-26 can request a refund through a specially designed domain. Such a statement was posted by Eowyn Chen, CEO of Trust Wallet, on his X account.
According to the statement, affected users should only request compensation via the official dashboard. The procedure will be carried out with the minimum of details to be completed.
Users interested in a refund must specify their email addresses, compromised wallet addresses, hacker addresses, and transaction hashes draining their wallet.
In the request description field, users need to share the current refund amount and the address of the new wallet for compensation. Chen recommended creating a new wallet specifically for the refund procedure.
$7 Million Trust Wallet Hack: What We Know So Far
In addition, data on the residence of the victims is collected for subsequent criminal prosecution of male factors.
The Trust Wallet team emphasizes that users should remain aware of potential identity theft scams with fake compensation programs. The legitimate initiative does not ask for passwords, personal data and seed phrases.
As previously reported by U.Today, attackers injected malicious JavaScript code into version v2.68 of the Trust Wallet Google Chrome plugin. All users who logged in between publication (December 24) and discovery of the attack (December 26) had their seed phrases intercepted by thieves.
It is most likely that the attack became possible due to a leak of API keys involved in the process of releasing Trust Wallet upgrades to the Google Chrome plugin marketplace.