On December 25, 2025, the cryptocurrency space was alerted to a major security issue affecting Trust Wallet‘s Chrome browser extension. On-chain investigator ZachXBT first raised the alarm via Telegram, highlighting numerous reports of unauthorized fund withdrawals from users’ wallets in a short timeframe. The wallet‘s development team has now assured users that if they lost any funds, then they will be fully compensated for this because it was an issue that the service provider would assume responsibility for (as should be the case).
While the precise cause was initially unknown, the incidents appeared linked to a recent update released on December 24. ZachXBT‘s analysis of theft addresses revealed that attackers had siphoned more than $6 million across various blockchains, impacting hundreds of victims.
Funds were stolen in assets including Bitcoin, Ethereum-compatible tokens, and Solana-based holdings.
Trust Wallet promptly responded with an official statement on X (formerly Twitter), confirming a security incident isolated to browser extension version 2.68.
The company emphasized that only this specific version was vulnerable, assuring that mobile app users and those on other extension versions remained unaffected.
To mitigate risks, Trust Wallet strongly recommended that affected users immediately disable version 2.68 and update to the patched version 2.69, available exclusively through the official Chrome Web Store.
They provided detailed instructions, advising users not to launch the extension until the upgrade was complete, as doing so could exacerbate potential exposure.
The team acknowledged the distress caused by the event, stating they were investigating the matter intensively and would provide further updates.
Community researchers later identified suspicious code in version 2.68, including a JavaScript file that transmitted sensitive data—such as seed phrases—to a newly registered malicious domain, enabling rapid drains without user interaction.
This breach, suspected to stem from a supply chain compromise, underscores ongoing vulnerabilities in browser-based crypto tools, where elevated permissions can be exploited if updates are infiltrated.
Users who imported seed phrases into the compromised extension faced the highest risks.
In a positive development, former Binance CEO Changpeng Zhao (CZ) indicated that Trust Wallet would fully reimburse affected users, with losses estimated around $7 million.
The quick release of a fixed version and commitment to compensation helped contain further damage.
This incident serves as a reminder of the importance of vigilant security practices in cryptocurrency management: verifying updates from official sources, avoiding seed phrase imports into browser extensions, and considering hardware wallets for substantial holdings. It may also be a good idea to simply not work with so browser extensions because they have now been known to introduce various third-party vulnerabilities.
As investigations continue to unfold, this recent event highlights the need for more robust safeguards in an evolving digital asset landscape. It also reminds everyone that the sophistication of these attacks is increasing and bad actors will continue to become more skilled in the manner in which they carry out these malicious activities.