Trust Wallet Hack: What Happened?
A major security incident involving Trust Wallet was confirmed on December 26, 2025, after a supply-chain attack compromised its Chrome browser extension.
The attack targeted version 2.68 of the extension, where malicious code was injected into an official update, allowing attackers to steal user seed phrases and drain wallets.
Importantly, mobile-only Trust Wallet users were not affected.
Scope of the Losses
- Total funds stolen: approximately $7 million
- Chains affected: Bitcoin, Ethereum, Solana
- Victims: hundreds of users
- Individual losses: ranged from ~$50,000 up to $3.5 million per wallet
- On-chain confirmation: Funds were tracked moving to exchanges by investigators such as ZachXBT and Lookonchain
The exploit reportedly occurred on Christmas Day (Dec 25), before being publicly disclosed.
Binance & CZ Respond
Changpeng Zhao, founder of Binance, which owns Trust Wallet, publicly confirmed that:
All affected users will be fully reimbursed.
He also reassured users that funds and core systems remain safe, emphasizing that the issue was isolated to the compromised browser extension version.
Immediate Actions for Users
Trust Wallet has already released version 2.69, which removes the malicious code. Users are strongly advised to:
- Immediately disable and remove extension version 2.68
- Update to version 2.69 only
- Transfer assets to a brand-new wallet
- Assume seed phrases are compromised
Bigger Picture: Supply-Chain Risk Returns
This incident is another reminder that browser extensions remain a high-risk attack vector, even when updates come from official sources.
Security experts continue to stress:
- Use hardware wallets for large holdings
- Avoid keeping long-term funds in hot wallets
- Verify updates and announcements via official channels only
Source: https://cryptoticker.io/en/trust-wallet-chrome-extension-hack-7m-reimbursement/