Trust Wallet, the Binance-owned non-custodial cryptocurrency wallet, has initiated a formal compensation process following a security incident in its Chrome browser extension that resulted in approximately **$7 million** in user losses. The breach, discovered on December 25, 2025, affected only **version 2.68** of the extension, where malicious code—inserted via a leaked Chrome Web Store API key—harvested users’ seed phrases, enabling rapid wallet drains across chains like Bitcoin, Ethereum, and Solana.
Incident Details
Attackers published the compromised update on December 24, bypassing internal checks. The code, disguised within a modified analytics library, captured decrypted seed phrases when users imported or unlocked wallets. Mobile app users and other extension versions remained unaffected. On-chain trackers like ZachXBT and PeckShield reported hundreds of victims, with over $4 million laundered through exchanges and ~$2.8 million still in attacker wallets.
Trust Wallet’s Response
The team quickly released patched version 2.69 and urged users to disable/update the extension. Binance founder Changpeng Zhao confirmed full reimbursement, stating “user funds are SAFU.” Affected users can submit verified claims via the official support portal, providing wallet details and transaction hashes for review.
User Protection Steps
– Update to version 2.69 immediately.
– If you imported a seed phrase in v2.68, transfer assets to a new wallet (seed considered compromised).
– Avoid fake compensation scams; use only official channels.
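To support the first two steps, the following added example (not Trust Wallet's code, and not from the original article) checks which extension versions are on disk in a Chrome profile and flags 2.68. It assumes Chrome's usual layout of `Extensions/<extension id>/<version>_0/manifest.json`; the extension ID is a placeholder because the article does not give it, and the sample profile tree is constructed in a temporary directory.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = (2, 68)  # compromised version named in the article
FIXED = (2, 69)     # patched version named in the article

def parse_version(text):
    """'2.68' or '2.68.0' -> (2, 68); empty tuple if not numeric."""
    parts = str(text).strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return ()
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def classify(version):
    """Map a manifest version string to a status label."""
    parsed = parse_version(version)
    if not parsed:
        return "unreadable"
    if parsed == AFFECTED:
        return "affected"
    return "patched" if parsed >= FIXED else "older"

def audit_extension(extensions_root, extension_id):
    """Return (version, status) for every on-disk copy of the extension."""
    findings = []
    ext_dir = Path(extensions_root) / extension_id
    for manifest in sorted(ext_dir.glob("*/manifest.json")):
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
        except (OSError, ValueError, KeyError, TypeError):
            version = None  # damaged or unexpected manifest
        findings.append((version, classify(version)))
    return findings

def demo():
    """Build a constructed profile tree in a temp dir and audit it."""
    ext_id = "EXTENSION_ID_PLACEHOLDER"  # placeholder, not the real ID
    with tempfile.TemporaryDirectory() as root:
        for v in ("2.68", "2.69"):
            d = Path(root) / ext_id / f"{v}_0"
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"version": v}))
        return audit_extension(root, ext_id)

if __name__ == "__main__":
    for version, status in demo():
        print(version, status)
```

An "affected" result means a 2.68 copy is present on disk; it does not show whether a seed phrase was imported or unlocked while that version was running.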
This swift accountability reinforces trust in Trust Wallet amid browser extension risks. The incident underscores the need for vigilance in software updates and preference for hardware/mobile wallets for larger holdings.