Security concerns have emerged around the Trust Wallet browser extension on 25 December, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update, prompting warnings from developers and security-focused accounts.
According to posts circulating on X, the issue may stem from a suspected supply-chain compromise introduced in a 24 December browser extension update.
Newly added code within the extension could silently exfiltrate sensitive wallet data when users import a seed phrase. The claims suggest that this has led to immediate wallet draining.
Developers examining the extension allege that a JavaScript file added in the update contains logic disguised as analytics.
The code is said to activate specifically when a seed phrase is imported. It then silently transmits wallet-related data to an external domain designed to resemble official Trust Wallet infrastructure.
The domain referenced in the reports was reportedly registered only days ago and has since gone offline.
Researchers argue that its recent creation and the timing of the extension update raise concerns about a coordinated supply-chain attack rather than user-side phishing.
Multiple users have reported wallets being drained shortly after importing seed phrases into the Trust Wallet browser extension.
Publicly shared estimates suggest that more than $2 million may have been lost. Although these figures have not been independently verified.
Analysts indicate that funds were routed through multiple addresses, a pattern more commonly associated with automated exploitation than isolated user error.
At this stage, there is no indication that Trust Wallet’s mobile applications are affected.
The warnings circulating online are focused specifically on the browser extension. This is where update mechanisms and third-party dependencies present higher supply-chain risk.
Users are advised not to import seed phrases into the Trust Wallet browser extension until further clarification is provided.
As of the time of writing, Trust Wallet has not issued any public response, clarification, or security advisory addressing the allegations.
There has been no confirmation or denial of the claims, nor any announcement of an extension, rollback, or emergency patch.
Researchers have emphasized that the situation remains under active investigation. Conclusions should not be drawn until the extension code and related on-chain activity have been fully reviewed.
If confirmed, the incident would represent a serious supply-chain compromise.
