Trust Wallet has launched a formal compensation process for users affected by a recent security breach that led to roughly $7 million in stolen digital assets.
The incident was traced to a compromised Chrome browser extension, version 2.68, which contained malicious code designed to extract users’ mnemonic phrases after installation.
The breach was limited to the desktop extension and did not affect Trust Wallet’s mobile applications. Once identified, the vulnerable version was pulled, and users were urged to take immediate action to secure their funds.
Full Refunds Confirmed for Verified Victims
Trust Wallet, together with Changpeng Zhao, confirmed that all verified victims will be fully reimbursed. The refunds are being processed through Binance’s Secure Asset Fund for Users (SAFU), ensuring that affected users are made whole without relying on user funds.
To begin the process, impacted users must submit a claim via an official application form hosted on Trust Wallet’s website. The submission requires several specific details, including an email address, the compromised wallet address, the attacker’s wallet address, and the transaction hash associated with the theft.
Trust Wallet stated that each claim undergoes a structured verification process. This includes confirming wallet ownership and validating the on-chain transaction data. While this may introduce some processing delays, the company emphasized that the checks are necessary to prevent fraudulent claims.
Immediate Security Steps for Trust Wallet Users
Trust Wallet has outlined clear steps for users who may still be at risk, particularly those using the Chrome extension. Users are strongly advised not to open version 2.68, as interacting with it could expose additional data.
Instead, users should disable the extension immediately by navigating to chrome://extensions/ and toggling Trust Wallet off. From there, they should update directly to version 2.69, which removes the malicious code. Trust Wallet recommends enabling Chrome’s “Developer mode” and clicking “Update” to ensure the secure version is installed.
New Wallets Recommended for Reimbursements
As an added precaution, users affected by the breach are advised to create an entirely new wallet before receiving any compensation. Security experts note that even after updates, compromised wallets should no longer be used for storing or receiving assets.
Trust Wallet also issued a warning about scam attempts circulating online. Fake compensation forms and impersonated support accounts have appeared on social media and messaging platforms. The company stressed that the official process will never request seed phrases, private keys, or passwords under any circumstances.
The compensation rollout marks a critical step in addressing the breach, while also underscoring the risks associated with browser-based wallet extensions and the importance of rapid updates and user vigilance.
