Trust Wallet Flags Thousands of False Claims After $7M Browser Extension Hack

What Changed in Trust Wallet’s Response?

Trust Wallet has entered a verification phase following a Christmas Day exploit that targeted its browser extension, as the number of reimbursement claims now exceeds the number of confirmed affected wallets. The shift reflects a move away from estimating losses toward managing the operational risk of compensating users without opening the process to abuse.

Chief executive Eowyn Chen said the company has identified 2,596 wallet addresses linked to the compromised extension. Yet Trust Wallet has received nearly 5,000 reimbursement claims, raising concerns about duplicate or false submissions.

“Because of this, accurate verification of wallet ownership is critical to ensure funds are returned to the right people,” Chen wrote. “Our team is working diligently to verify claims; combining multiple data points to distinguish legitimate victims from malicious actors.”

Chen added that the company is prioritizing accuracy over speed and plans to provide further updates as the investigation continues.

Investor Takeaway

The reimbursement challenge has shifted from funding to verification. Trust Wallet’s ability to filter false claims may influence how future wallet providers handle post-exploit compensation.

What Do We Know About the Hack?

Trust Wallet disclosed last week that its browser extension had been compromised in a targeted attack affecting desktop users, resulting in $7 million in losses. Binance co-founder Changpeng Zhao said the full amount would be covered. Binance owns Trust Wallet.

The incident involved a malicious update to the extension, rather than a vulnerability triggered through user behavior alone. Cybersecurity firm SlowMist reported that the extension not only enabled fund theft but also exported personal user data, increasing concerns about the depth of access involved in the attack.

SlowMist co-founder Yu Xian said the attacker appeared to have prepared the exploit weeks in advance and demonstrated detailed knowledge of the extension’s source code. That level of preparation has fueled speculation across the industry about whether the breach involved more than a standard external compromise.

Onchain investigator ZachXBT previously estimated that hundreds of users were affected, though that figure did not account for the surge in claims now being reviewed. Some observers have questioned how a malicious update could pass through distribution channels without elevated access.

Why Are False or Duplicate Claims a Risk?

Large-scale reimbursement programs in crypto have repeatedly drawn opportunistic behavior, especially when wallet addresses and transaction histories are publicly visible. In Trust Wallet’s case, the gap between confirmed compromised wallets and submitted claims suggests attempts to exploit the payout process itself.

Chen said Trust Wallet is combining multiple verification methods to assess claims, though she did not detail the criteria being used. The company has also stressed that verification is tied to wallet ownership rather than claim submission alone.

The process highlights a recurring issue in self-custody ecosystems: while blockchain transparency allows incidents to be traced, linking addresses to verified users without centralized records remains complex. That tension becomes more acute when reimbursement decisions involve millions of dollars.

Investor Takeaway

Reimbursement mechanics are becoming a security layer of their own. Weak verification can turn a hack into a secondary drain through fraudulent claims.

Is Insider Involvement Being Ruled Out?

Trust Wallet has not confirmed whether the attack involved insiders. Chen said the company is conducting a broader forensic investigation alongside the verification process to assess how the malicious extension update was prepared and distributed.

“This process is ongoing today and is being carried out alongside the broader forensic investigation,” Chen wrote. “While some data is still being finalised, we already have strong working hypotheses for a portion of the cases.”

Abdelaziz Fathi covers the intersection of forex/CFD brokerage, regulation, liquidity, fintech, and digital assets. With a B.A. in Finance and hands-on industry exposure, Aziz blends analytical rigor with clear storytelling to make complex market structure understandable for traders, brokers, and fintech professionals.