Trust Wallet confirms $7M impact from browser extension incident, promises full user refunds

Trust Wallet has confirmed that approximately $7 million was impacted in a security incident affecting its browser extension. 

The company has pledged to fully refund all affected users as it works to finalise remediation steps.

In an update published on December 26, Trust Wallet stated that the incident was limited to Browser Extension version 2.68. The update also confirmed earlier warnings from blockchain investigators and security researchers.

The company stressed that mobile-only users and all other extension versions were not affected.

“We’ve confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded,” Trust Wallet said, adding that supporting affected users is its “top priority.”

The company said it is actively finalising the refund process and will share further instructions with impacted users soon.

Trust Wallet incident limited to extension version 2.68

Trust Wallet previously disclosed that the issue stemmed from a security incident affecting version 2.68 of its Chrome browser extension. 

Users running that version were urged to disable the extension immediately and upgrade to version 2.69, which the company described as a secure release.

The incident drew attention after blockchain investigator ZachXBT flagged suspicious activity, with subsequent reports suggesting that wallets were drained shortly after users imported seed phrases into the extension. 

Security-focused developers later alleged that a recent update may have introduced malicious behaviour, raising concerns of a potential supply-chain compromise.

Trust Wallet has not disclosed technical details about the root cause but reiterated that the impact was contained to a single extension version.

Trust Wallet users advised to disable affected extension

In follow-up guidance, Trust Wallet instructed users with Browser Extension v2.68 to avoid opening the extension, disable it via Chrome’s extension settings, and manually update to version 2.69. 

The company cautioned users not to interact with messages or instructions that do not originate from its official channels, warning of potential secondary scams that could exploit the situation.

The company also confirmed that it is continuing to investigate the incident and will provide further updates as the refund process is finalised.

Broader security implications

While the issue appears to have been contained, the incident has renewed scrutiny around browser extension security and supply-chain risks in crypto wallets, particularly where updates can introduce vulnerabilities at scale.

Trust Wallet stated that it will continue to communicate with users as more information becomes available. The incident is one of the more significant wallet-related security events disclosed during the year-end period.


Final Thoughts

  • Trust Wallet’s confirmation and refund commitment bring clarity to the incident, but the $7M impact underscores how quickly browser extension vulnerabilities can escalate into large-scale losses.
  • The episode highlights ongoing supply-chain risks in crypto wallet software, reinforcing the importance of timely updates, cautious key management, and clear communication during security incidents.

 


Source: https://ambcrypto.com/trust-wallet-confirms-7m-impact-from-browser-extension-incident-promises-full-user-refunds/