Trust Wallet Chrome extension restored after $8.5M supply‑chain exploit; reimbursement process tightened

Trust Wallet has restored its Chrome browser extension after a December supply‑chain attack that led to roughly $8.5 million stolen from about 2,520 wallets. Attackers pushed a malicious extension (v2.68) on December 24; most thefts occurred December 25–26. Trust Wallet links the compromise to the November Shai‑Hulud npm registry breach and says attackers prepared infrastructure as early as December 8. White‑hat defenders deployed DDoS countermeasures that helped limit further losses. The incident affected only the Chrome extension; Trust Wallet’s mobile apps were not impacted. Trust Wallet identified 2,596 affected addresses but received more than 5,000 reimbursement claims, prompting a stricter verification process. The restored extension (v2.71.0) adds a verification‑code feature to authenticate claimants and reduce duplicates/fraud. CEO Eowyn Chen and Binance founder Changpeng Zhao confirmed plans to reimburse verified victims. Users are advised to remove any suspicious Trust Wallet extensions, update only from the official Chrome Web Store listing, and take standard wallet safety steps (use hardware wallets for large balances, avoid browser extensions for custodial keys).