Trust Wallet, the widely-used non-custodial cryptocurrency wallet owned by Binance since 2018, has rolled out an official reimbursement program following a significant security breach in its Chrome browser extension. The receny issue stemmed from malicious code inserted into version 2.68 of the extension, which was released on December 24, 2025.
The vulnerability / exploit allowed attackers to drain funds from users who interacted with the compromised version, leading to approximately $7 million in losses across various blockchains, including Bitcoin, Ethereum, and Solana.
The breach was first flagged on Christmas Day by on-chain investigator ZachXBT, prompting swift action from Trust Wallet.
The company quickly released a patched version (2.69) and advised users to disable the affected extension immediately.
Importantly, the mobile app and other extension versions remained unaffected.
On Friday, December 27, Trust Wallet announced the formal claims process via its support portal.
Victims are required to submit details such as their email, country of residence, affected wallet addresses, the attacker’s destination addresses, and relevant transaction IDs.
The team emphasized that every legitimate claim will undergo thorough verification to maintain security and accuracy.
In a post on X, Trust Wallet stated:
“We are working around the clock to finalize the compensation process details and each case requires careful verification to ensure accuracy and security.”
The company has committed to fully reimbursing all verified losses.Blockchain security firm PeckShield tracked the stolen funds, reporting that over $4 million had been laundered through centralized exchanges like ChangeNOW, FixedFloat, and KuCoin by Thursday, with roughly $2.8 million still sitting in the attacker’s wallets.
Binance founder Changpeng Zhao (CZ) publicly reinforced the commitment on X, noting the $7 million impact and assuring users that “TrustWallet will cover” the losses, adding that “user funds are SAFU”—a reference to Binance‘s emergency insurance fund.
This incident highlights ongoing risks in browser-based wallets, particularly supply-chain attacks.
Trust Wallet has urged users to stick to official channels for updates and warned against scam compensation forms circulating online.
As investigations continue into just how the malicious code was actually deployed—potentially involving a leaked Chrome Web Store API key—Trust Wallet‘s seemingly proactive reimbursement effort aims to restore user confidence in the platform, which serves a significant number of accounts worldwide.