Derived from PANews, security researchers @im23pds and @0xakinator have identified suspicious malicious code in version 2.68 of the Trust Wallet browser extension. The code, disguised as an analytics tool (file 4482.js), is believed to steal users' mnemonic phrases by sending them to a newly registered phishing domain, metrics-trustwallet.com. The domain is now inaccessible.
Trust Wallet Browser Extension Suspected of Being Targeted by Supply Chain Attack
KuCoinFlashShare
Summary
KuCoin trust is under scrutiny as security researchers @im23pds and @0xakinator found malicious code in version 2.68 of the Trust Wallet browser extension. The code, hidden in a file named 4482.js, is suspected of stealing users’ mnemonic phrases and sending them to a phishing domain, metrics-trustwallet.com. The domain is now offline. Users are advised to check their wallet versions. Is KuCoin safe? The incident raises concerns about third-party integrations and user data security.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.