What Happened With Trust Wallet’s Chrome Extension?
Trust Wallet has opened a formal claims process for users affected by a security breach tied to version 2.68 of its Chrome browser extension, after malicious code embedded in the update drained funds from hundreds of wallets. The company confirmed that roughly $7 million in digital assets were stolen across multiple blockchains, including bitcoin, ether, and solana.
The incident was detected days after the compromised update was released. Trust Wallet pushed a fix in version 2.69 on Dec. 25 and said users who logged into the extension before Dec. 26 at 11:00 a.m. UTC were potentially exposed. Mobile app users and those using other browser versions were not affected.
According to Trust Wallet, attackers exploited a leaked Chrome Web Store API key to publish the malicious update on Dec. 24 at 12:32 p.m. UTC. The key allowed the attackers to bypass the company’s internal release checks and distribute the compromised version directly through the official Chrome Web Store.
Investor Takeaway
How Is Trust Wallet Handling Compensation?
Trust Wallet said affected users can now submit claims through an official support form on its website. Claimants are asked to provide their email address, country of residence, compromised wallet addresses, the attacker’s receiving addresses, and transaction hashes linked to the theft. The company said the information is required to verify claims and prevent further abuse.
“We are working around the clock to finalize the compensation process details and each case requires careful verification to ensure accuracy and security,” Trust Wallet wrote on X. The company said it intends to reimburse all users impacted by the breach.
Changpeng Zhao, founder of Binance, which acquired Trust Wallet in 2018, also addressed the incident publicly. “So far, $7m affected by this hack. TrustWallet will cover,” Zhao wrote on X, adding that user funds “are SAFU.”
Alongside the claims process, Trust Wallet warned users to remain alert for fake compensation forms and impersonation attempts circulating after the breach. The company said it will only communicate through official channels and urged users not to share recovery phrases or private keys under any circumstances.
What Do Investigators Say About the Stolen Funds?
Blockchain security firm PeckShield reported that more than $4 million of the stolen assets had already been routed through centralized exchanges, including ChangeNOW, FixedFloat, and KuCoin. As of Thursday, roughly $2.8 million remained in wallets controlled by the attacker.
The breach first came to broader attention after onchain investigator ZachXBT issued an alert on Telegram on Christmas Day. He said multiple Trust Wallet users reported having funds drained shortly after installing the Dec. 24 update. The timing pointed early suspicion toward the extension itself rather than user-side phishing.
Further analysis by security firm SlowMist found that the malicious code was designed to harvest wallet seed phrases. Attackers achieved this by modifying an open-source analytics library embedded in the extension, allowing sensitive data to be exfiltrated without obvious user interaction.
Investor Takeaway
Why Does This Incident Matter for Wallet Security?
Trust Wallet’s Chrome extension has about one million users, according to its Web Store listing, making the breach one of the more notable wallet-related incidents tied to browser extensions in recent years. While the company acted quickly to push a fix and commit to reimbursement, the episode highlights persistent weaknesses in extension distribution and update mechanisms.
Unlike direct smart contract exploits or phishing campaigns, this incident stemmed from compromised developer credentials. That allowed attackers to deliver malicious code through official channels, eroding the assumption that updates from trusted sources are inherently safe.
The case also adds to a growing list of incidents where browser-based wallets and extensions become targets as crypto usage spreads beyond early adopters. Security teams now face pressure to harden not just code, but every layer of the release and distribution pipeline.
