Binance 和 Trust Wallet 面临黑客攻击：浏览器扩展漏洞造成 700 万美元损失

由币安支持的 Trust Wallet 遭受了严重黑客攻击，影响了其 Chrome 扩展程序，导致数百万美元的损失。调查涉及内部人员参与，而币安则承诺全额赔偿用户。

Trust Wallet Hit by Major Hack, Binance Pledges Full Reimbursement

Trust 钱包遭受重大黑客攻击，币安承诺全额赔偿

In a troubling turn of events heading into the holiday season, Trust Wallet, the popular cryptocurrency wallet acquired by Binance, found itself at the center of a significant security breach. The incident, which primarily impacted users of its Chrome browser extension, resulted in an estimated $7 million in losses, sparking widespread concern across the crypto community.

假期即将来临，事件发生了令人不安的转变，币安收购的热门加密货币钱包 Trust Wallet 发现自己处于重大安全漏洞的中心。该事件主要影响了其 Chrome 浏览器扩展程序的用户，估计造成了 700 万美元的损失，引发了整个加密货币社区的广泛关注。

The Scope of the Breach

违规范围

The hack, first brought to light by blockchain analyst ZachXBT and later confirmed by Trust Wallet, specifically targeted version 2.68 of the wallet's browser extension. Reports indicate that hundreds of users were affected, with their digital assets vanishing from their wallets. Crucially, Trust Wallet emphasized that its mobile application and other versions of its browser extension remained unaffected, limiting the scope of the direct damage.

这次黑客攻击首先由区块链分析师 ZachXBT 曝光，后来得到 Trust Wallet 的证实，专门针对钱包浏览器扩展的 2.68 版本。报告显示，数百名用户受到影响，他们的数字资产从钱包中消失。至关重要的是，Trust Wallet 强调其移动应用程序和其他版本的浏览器扩展不受影响，从而限制了直接损害的范围。

Insider Threat or Compromised Pipeline?

内部威胁还是管道受损？

Adding a layer of complexity and concern, Binance founder Changpeng Zhao (CZ) publicly speculated that the breach may have involved insider access. He noted that investigators were examining how a compromised update managed to pass through distribution controls. This perspective suggests a potential weakness in operational security or internal governance rather than a purely external exploit. The crypto security community has closely followed this angle, as browser extension updates typically require stringent signing keys, developer credentials, and approval workflows. A malicious update bypassing these safeguards strongly points towards either credential compromise or direct internal involvement.

币安创始人赵长鹏（CZ）公开猜测此次泄露可能涉及内部访问，这让事情变得更加复杂和令人担忧。他指出，调查人员正在研究受损的更新如何设法通过分发控制。这种观点表明运营安全或内部治理方面存在潜在弱点，而不是纯粹的外部利用。加密安全社区密切关注这个角度，因为浏览器扩展更新通常需要严格的签名密钥、开发人员凭据和审批工作流程。绕过这些保护措施的恶意更新强烈指向凭证泄露或直接内部参与。

Market Reaction and Trust Wallet's Response

市场反应和 Trust Wallet 的反应

The news initially caused a dip in Trust Wallet's native token, TWT, as the market reacted to the uncertainty. However, the token stabilized and saw a rebound following confirmations of the limited impact and Trust Wallet's commitment to full user compensation. The company has assured all affected users that they will be fully refunded, aiming to restore confidence despite the incident. They are actively finalizing reimbursement procedures and have advised users to be vigilant against phishing attempts masquerading as official support.

由于市场对不确定性做出反应，这一消息最初导致 Trust Wallet 的原生代币 TWT 下跌。然而，在确认影响有限以及 Trust Wallet 对用户全额补偿的承诺后，代币趋于稳定并出现反弹。该公司已向所有受影响的用户保证，他们将获得全额退款，旨在在发生事件的情况下恢复信心。他们正在积极敲定报销程序，并建议用户警惕伪装成官方支持的网络钓鱼企图。

Broader Industry Implications

更广泛的行业影响

While Trust Wallet works to resolve the issue and compensate its users, the incident underscores a critical and growing challenge within the cryptocurrency space. As more users rely on browser extensions for managing their digital assets, the security of update mechanisms and the management of insider risks are emerging as paramount attack vectors. The episode serves as a stark reminder that vigilance in operational security is as vital as safeguarding against traditional software vulnerabilities.

尽管 Trust Wallet 致力于解决该问题并向用户提供补偿，但该事件凸显了加密货币领域面临的一个关键且日益严峻的挑战。随着越来越多的用户依赖浏览器扩展来管理其数字资产，更新机制的安全性和内部风险的管理正在成为最重要的攻击媒介。这一事件清楚地提醒我们，对操作安全保持警惕与防范传统软件漏洞同样重要。

On a lighter note, while the hack itself is serious business, it’s a good reminder to always keep your software updated and perhaps double-check those extension permissions. Here's to a more secure digital future, and may your crypto always stay put!

轻松地说，虽然黑客攻击本身是一件严肃的事情，但它是一个很好的提醒，请始终保持软件更新，并可能仔细检查这些扩展权限。这是一个更安全的数字未来，愿您的加密货币始终保持原样！