
Trust Wallet says it will reimburse users after a Christmas Day exploit drained about $7 million from desktop users, following the compromise of its browser extension.
Trust Wallet said its browser extension version 2.68 was hit by a security incident impacting desktop users, and urged people to upgrade to version 2.89. Changpeng Zhao, co-founder of Binance, which owns Trust, said on X that the lost funds will be covered.
The attack hit at a time when personal wallet compromises remain a major risk for crypto holders. Chainalysis has said personal wallet compromises accounted for 37% of the value stolen in 2025, excluding the $1.4 billion Bybit hack in February.
Onchain investigator ZachXBT said “hundreds” of Trust users were affected. The incident centers on the browser extension, where the attacker allegedly introduced malicious code that enabled theft.
SlowMist co-founder Yu Xian said the operation was not a one-day hit. A machine translation of his post read: “The attacker started preparations at least on [Dec. 8], successfully implanted the backdoor on [Dec. 22], began transferring funds on [Christmas Day], and thus was discovered. The backdoor code was also collecting users’ personal information, which was sent to the attacker’s server.”
That data collection, as reported by SlowMist, raises concerns beyond the stolen crypto.
Some industry watchers say the method used suggests privileged access. “This kind of ‘hack’ is not natural. The chances of insider is high,” intergovernmental blockchain adviser Anndy Lian wrote on X. Zhao said the exploit was “most likely” an insider.
Xian also said the attacker was “very familiar with the Trust extension’s source code,” which he said helped them implement the backdoor code used to collect sensitive user information.

