Business Sandesh Indian Newspaper | Articles | Opinion Pieces | Research Studies | Findings & News | Sandesh News
A major security incident struck Trust Wallet’s Chrome browser extension on December 25, 2025, resulting in hackers draining more than $7 million from hundreds of user wallets across multiple blockchains, including Ethereum, Bitcoin, and Solana.
The breach was first flagged by on-chain investigator ZachXBT, who alerted the community after receiving reports of sudden, unauthorized fund transfers. Many victims noted drains occurring shortly after importing seed phrases into the extension. Investigations revealed malicious code in version 2.68, likely introduced via a supply-chain compromise during a recent update on December 24. This code exfiltrated sensitive data, such as seed phrases, to attacker-controlled domains.
Trust Wallet quickly confirmed the issue was isolated to browser extension version 2.68, emphasizing that mobile app users and other versions remained unaffected. The team urged affected users to immediately disable the extension, upgrade to the patched version 2.69 via the official Chrome Web Store, and transfer remaining funds to new wallets.
Former Binance CEO Changpeng Zhao (CZ), whose company owns Trust Wallet, announced that all losses—estimated at around $7 million—would be fully reimbursed using Binance’s Secure Asset Fund for Users (SAFU). The team is collaborating with security experts to probe the root cause, including how attackers infiltrated the update process.
This incident underscores persistent risks with browser-based wallets, which are vulnerable to supply-chain attacks and malicious updates. Experts recommend prioritizing hardware wallets for large holdings, avoiding seed phrase imports on extensions, and verifying sources rigorously.
While recovery is underway for victims, the breach highlights the need for enhanced security in hot wallets amid rising crypto exploits in 2025.
