Key Takeaways
What should have been a quiet Christmas night turned into a nightmare for hundreds of Trust Wallet users, after a malicious update to the wallet’s Chrome extension exposed private keys and led to millions of dollars in stolen crypto.
The issue surfaced late on Dec. 25, when users began reporting that their wallets had been drained shortly after importing their recovery phrases into Trust Wallet’s browser extension.
By the time the dust settled, losses were approaching $7 million, according to Binance founder Changpeng Zhao (CZ).
The breach was traced to Trust Wallet’s Chrome extension version 2.68.
Users who installed the update and imported their seed phrases unknowingly handed attackers the keys to their wallets.
Investigators later determined that the incident was the result of a supply-chain attack.
Malicious code had been quietly slipped into the extension’s JavaScript files, disguised as routine analytics functionality.
When users imported their recovery phrases, the code activated and transmitted sensitive wallet data to a domain controlled by the attacker.
Because the exploit ran silently in the background, there were no obvious warning signs.
Victims didn’t click phishing links or approve suspicious transactions. In many cases, funds disappeared almost immediately after the wallet was restored.
The attacker-controlled domain was registered shortly before the exploit went live and has since been taken offline.
Trust Wallet said the vulnerability was limited to the Chrome browser extension and did not affect its mobile apps or the underlying blockchains themselves.
A patched version, 2.69, was released shortly after the issue was identified.
“We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.”
Users were urged to disable the affected version immediately and update before reopening the extension.
Anyone who imported a seed phrase into version 2.68 has been advised to assume that the wallet is compromised.
While the investigation is still ongoing, early findings suggest the attack targeted the extension’s update process rather than Trust Wallet’s core infrastructure.
It’s the kind of breach that’s become increasingly common as crypto wallets rely more heavily on third-party tooling and browser environments.
CZ confirmed that Binance will cover the losses using its Secure Asset Fund for Users (SAFU), saying affected users would be fully reimbursed.
“So far, $7 million has been affected by this hack. Trust Wallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. The team is still investigating how hackers were able to submit a new version.”
On-chain investigators, including ZachXBT, traced more than $6 million in early losses, with individual users reporting everything from a few thousand dollars gone to much larger balances wiped out.
Security experts advise that anyone who interacted with the compromised version should transfer funds to a new wallet immediately and never reuse the exposed seed phrase.
Revoking existing approvals tied to affected addresses is also strongly recommended.
The incident has reignited debate around browser-based wallets, which offer convenience but come with added risk, especially during updates.
Many security professionals continue to recommend that users with larger balances rely on hardware wallets, which store private keys offline.
For Trust Wallet users, the timing couldn’t have been worse.
However, the episode serves as a stark reminder of a harsh truth in crypto: the blockchain itself may be resilient, but the software people use to access it remains a frequent point of failure.
As the industry heads into 2026, the Trust Wallet breach adds to a growing list of supply-chain attacks—and a reminder that even trusted tools can become liabilities overnight.
Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.
His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.
Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.
You’re All Set!
Thanks for signing up. We’ll be in touch soon with the latest insights.
