Trust Wallet has confirmed a serious security breach tied to its browser extension, after attackers exploited a vulnerability that led to roughly $7 million in stolen user funds.
The incident was tightly scoped but severe, with losses unfolding rapidly and affecting users across multiple blockchains.
What Went Wrong
The issue was isolated to Trust Wallet Browser Extension version 2.68. According to the disclosure, neither mobile app users nor those running other extension versions were impacted.
⚠️ UPDATE: About $7M was affected in the Trust Wallet hack, with the company pledging to cover user losses per CZ. pic.twitter.com/ITG5HZt8J0
— Cointelegraph (@Cointelegraph) December 26, 2025
Attackers injected malicious code into the extension, specifically within a file labeled 4482.js. When users imported their seed phrases into the compromised extension, the code silently transmitted those phrases to a phishing domain controlled by the attackers. Once exposed, wallets were drained almost immediately.
While early preparation for the attack may have started earlier in December, most unauthorized transfers occurred on Christmas Day. Several users reported losses exceeding $300,000 within minutes, highlighting how quickly the exploit was executed once seed phrases were compromised.
Scope of the Losses
The breach affected hundreds of users and spanned multiple networks. Stolen assets included Bitcoin, Solana, and tokens across various EVM-compatible chains. The common factor was the use of the compromised browser extension version, rather than a specific blockchain or asset type.
Importantly, this was not a protocol-level failure. The exploit targeted wallet software distribution, underscoring how browser extensions remain a high-risk surface even for widely used crypto tools.
Response and Reimbursement
Changpeng Zhao, founder of Binance, confirmed publicly that Trust Wallet will fully reimburse affected users for the approximately $7 million in losses. He stated that “funds are SAFU” and noted that the breach is considered “most likely” linked to an insider or third-party issue, which remains under investigation.
Trust Wallet has since released a patched version, 2.69, addressing the vulnerability.
Urgent Steps for Affected Users
Trust Wallet issued immediate guidance for users who had installed version 2.68:
- Disable the 2.68 browser extension immediately
- Disconnect from the internet before exporting any mnemonic phrases
- Migrate funds to a new, secure wallet
- Upgrade only after moving assets, using version 2.69
The emphasis is clear: once a seed phrase may have been exposed, upgrading alone is not sufficient. Funds must be moved to a completely new wallet.
Why This Matters
This incident highlights a recurring risk in crypto security, not smart contracts or blockchains themselves, but wallet software and distribution channels. Even well-known, widely trusted tools can become attack vectors if compromised at the code or update level.
While Trust Wallet’s commitment to reimburse users limits the financial fallout, the breach reinforces a broader lesson: browser extensions remain one of the most sensitive points in crypto self-custody. Users and providers alike are being reminded that operational security is just as critical as on-chain design.
