Cryptocurrency wallet provider Trust Wallet reported a security incident affecting version 2.68 of its browser extension, with onchain researcher ZachXBT estimating initial losses exceeding $6 million.
The incident was first reported when ZachXBT issued a community alert on Telegram on Thursday, indicating that several application users had experienced unauthorized withdrawals from their wallet addresses within a brief timeframe.
Preliminary analysis indicates a possible supply chain attack, in which malicious code may have been inserted into the extension, potentially sending users’ seed phrases to a fraudulent site when the wallet was unlocked, according to cybersecurity company Slowmist.
Blockchain analytics platform Lookonchain reported that the attacker has transferred approximately $4.25 million to platforms including ChangeNOW, FixedFloat, KuCoin, and HTX.
The Trust Wallet team confirmed that the issue is limited to Browser Extension version 2.68. Users of this version are advised to disable it and upgrade to version 2.69. Mobile users and other browser extension versions were not affected. The team emphasized that they are actively addressing the situation and will provide updates as they become available.
In order to ensure security, users who have not yet updated to version 2.69 are advised not to open the vulnerable browser extension. The provider released a step-by-step guide to update safely: users should avoid opening the extension, navigate to the Chrome Extensions panel using the official extension URL, switch off the extension if it is on, enable Developer Mode, press the “Update” button, and verify that the version number is 2.69, the latest secure version.
The hack occurred unexpectedly during the Christmas holiday, when many users were unprepared. Reports indicated that users received notifications of transactions they did not initiate and wallets they had not approved. Over 500 individuals were affected, with losses ranging from $50,000 to $800,000, all involving the Trust Wallet browser extension within a 24-hour period.
Onchain researcher ZachXBT noted that numerous concerned users had reached out via direct messages seeking clarification about potential compensation for affected users. In response, the Trust Wallet team stated that their Customer Support is already contacting impacted users with guidance on next steps and advised others to reach out to support for assistance.
Cryptocurrency exchange Binance founder Changpeng Zhao who is also an owner of Trust Wallet, confirmed that user funds would be fully covered.
So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused.
— CZ
The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8bBNB (@cz_binance) December 26, 2025
He expressed appreciation for users’ understanding regarding any inconvenience caused. The Trust Wallet team continues to investigate how the compromised version was submitted.
The post Trust Wallet Browser Extension Hack Affects Over 500 Users, $6M In Funds Targeted, Full Reimbursement Assured appeared first on Metaverse Post.
