- Security researchers believe the incident may have involved a supply-chain attack.
- Co-founder Changpeng Zhao stated that Trust Wallet will fully reimburse all affected users.
A routine software update turned costly for Trust Wallet users after a security breach in the wallet’s Chrome extension allowed hackers to drain roughly $7 million worth of crypto.
The issue came to light on December 25 when on-chain investigator ZachXBT flagged reports of unauthorized wallet drains immediately following an update to Trust Wallet’s Chrome extension. The affected version—2.68—was released a day earlier.
According to Trust Wallet, the attack targeted only version 2.68 of its browser extension. The company has since urged users to avoid opening that version and instead download the patched version, 2.69, from the official Chrome Web Store.
In a post on X, the team said mobile users and other versions of the extension were not affected.
ZachXBT reported that multiple users saw their crypto balances drop within hours of installing the update. Security researchers suspect a supply-chain compromise in the Chrome release, possibly allowing attackers to capture wallet seed phrases and private keys.
See Related: Kraken’s Australian Arm Found In Breach Of Financial Regulations, Court Rules
Update Triggers Security Breach
As panic spread among wallet holders, Binance’s Changpeng Zhao confirmed that Trust Wallet will compensate all affected users. “About $7 million was impacted by the Chrome extension incident,” he wrote, adding that refunds will be distributed once verification steps are complete.
Following the incident, developers stressed that only the Chrome extension version 2.68 carries risk. Users are advised to remove that version, install the latest 2.69 release, and move any exposed assets to a fresh wallet address.
Security experts also recommended revoking permissions linked to the compromised wallet and reviewing past transactions for suspicious activity.
The breach adds to a growing list of attacks targeting browser and mobile wallets. Chainalysis data shows that crypto thefts totaled about $6.75 billion in 2025, with individual wallet compromises surging to 158,000—more than double last year, Coindesk reported.
