TechFlow, on December 26, according to SlowMist Cosine's disclosure, version 2.68.0 of the Trust Wallet browser extension was implanted with malicious code. The attacker embedded PostHog JS to collect users' wallet private information, including mnemonic phrases, and sent the data to the attacker-controlled server api.metrics-trustwallet[.]com. Although Trust Wallet has released a patched version 2.69.0, SlowMist Cosine pointed out that this version still hasn't removed the PostHog JS code.
Previous report, "on-chain detective" ZachXBT stated that funds stolen from Trust Wallet users amounted to at least $6 million.
Add to Favorites
Share to Social Media
