A serious security incident involving Trust Wallet has shaken the crypto community after its Chrome browser extension (version 2.68) was compromised, leading to the unauthorized draining of user funds. The attack surfaced shortly after a routine update was released on December 24, 2025, catching many users off guard during a traditionally high-activity period.
What Happened?
According to multiple reports from blockchain analysts and independent security researchers, the compromised update introduced malicious or modified code into the Trust Wallet Chrome extension. This code allowed attackers to capture sensitive wallet credentials, including seed phrases and private keys, particularly when users entered or imported them after installing version 2.68.
Importantly, the breach was extension-specific.
- Trust Wallet mobile applications were not affected
- Other versions of the extension were not impacted
Users who interacted with the compromised extension—especially by entering a seed phrase—often saw their funds drained within minutes.
Losses & Impact
Estimates from blockchain investigators suggest that $6–7 million or more in cryptocurrency was stolen from hundreds of wallets.
Affected assets reportedly include:
- Bitcoin (BTC)
- Ethereum (ETH)
- Solana (SOL)
- Other ERC-20 and SPL tokens
The rapid outflow of funds and cross-chain impact suggest the attackers were well-prepared and actively monitoring compromised wallets.
How the Hack Worked
Technical analysis indicates that a malicious JavaScript payload—reportedly embedded in a file such as 4482.js—was quietly introduced into the extension’s codebase.
Key characteristics of the attack:
- The payload exfiltrated wallet credentials to an external server
- Any seed phrase entered into version 2.68 was potentially compromised
- Automated scripts were used to drain wallets almost immediately
Security researchers are still investigating how the malicious version passed review and distribution checks in the Chrome extension pipeline.
Official Response & Mitigation
Trust Wallet has publicly acknowledged the incident and confirmed that only Chrome extension version 2.68 was affected.
Actions taken by Trust Wallet:
- Urged users to immediately disable or uninstall v2.68
- Released version 2.69, which patches the vulnerability
- Reiterated that mobile wallet users were never at risk
- Launched an internal investigation into the supply-chain failure
Users are strongly advised not to re-enable the extension unless they are running the verified secure release.
Compensation & Aftermath
Changpeng Zhao, CEO of Binance and a key figure associated with Trust Wallet, has reportedly confirmed that affected users will be reimbursed for losses totaling roughly $7 million.
While this announcement has reassured many victims, specific details of the refund process—including eligibility, timelines, and verification steps—are still being finalized.
User Safety Advice
If you used the Trust Wallet Chrome extension between December 24–26, 2025, take the following steps immediately:
- Disable or uninstall the Chrome extension—especially if it was v2.68
- Do not enter seed phrases until you have verified you’re on version 2.69 or later
- If you imported a seed phrase during the affected window, assume compromise
- Migrate funds to a brand-new wallet created on a secure, uncompromised device
- Stay alert for phishing attempts, fake support messages, or refund scams during the remediation period
Final Thoughts
This incident highlights the growing risks around browser-based crypto wallets, where a single compromised update can have devastating consequences. While Trust Wallet’s swift response and commitment to reimburse users may help restore confidence, the breach serves as a reminder that seed phrase hygiene and cautious update practices remain critical for all crypto users—especially during holiday periods when vigilance is often lower.
