
On December 26, 2025, Trust Wallet issued an urgent security alert following a devastating breach of its Google Chrome extension that resulted in a $7 million cryptocurrency loss. The popular non-custodial wallet provider confirmed that hackers successfully injected malicious code into version 2.68 of the extension, allowing them to siphon assets from hundreds of unsuspecting users during the holiday period. While the mobile application remains secure, those using the browser-based tool on desktop are at high risk until they update their software.
Malicious Code Targets Recovery Phrases
The breach originated from a sophisticated supply chain attack that bypassed standard security protocols. According to security researchers, the attackers managed to modify the internal codebase of version 2.68 to include a backdoor. Specifically, this malicious code was designed to iterate through every wallet stored within the extension and trigger a hidden request for the user’s mnemonic seed phrase. Once the user unlocked their wallet, the extension silently decrypted the phrase and exfiltrated it to a server controlled by the hackers.
Furthermore, the bad actors leveraged a legitimate analytics library, PostHog, to disguise their data theft as standard traffic. Consequently, the stolen assets were quickly moved through various protocols. Reports indicate that the haul included roughly $3 million in Bitcoin and over $3 million in Ethereum, alongside smaller amounts of Solana and other tokens. Experts from SlowMist suggest the attack might be the work of a nation-state actor or a highly advanced persistent threat (APT) group, given the complexity of the execution.
Rapid Response and Full User Reimbursement
As the incident unfolded, Trust Wallet CEO Eowyn Chen clarified that the compromised version was not released through the company’s internal manual process. Instead, it appears the hackers utilized a leaked Chrome Web Store API key to push the update directly to the public. In response to the crisis, the company has already disabled the malicious domain and expired all compromised API keys to prevent further damage.
According to The Hacker News, Trust Wallet has committed to a full recovery plan for those affected. The company stated on social media that supporting impacted users is their top priority and they are currently finalizing a process to refund the $7 million in lost funds. Meanwhile, on-chain sleuths like ZachXBT have tracked over $4 million of the stolen crypto as it was funneled into centralized exchanges such as ChangeNOW and KuCoin for laundering.
Critical Steps for Trust Wallet Users
To stay safe, users must immediately check their extension version. If you are running version 2.68, you should disable the extension and update to version 2.69 right away. Because the attackers also launched parallel phishing sites to capitalize on the panic, users must remain vigilant against fake “compensation” forms found on Telegram or X (formerly Twitter). Trust Wallet emphasizes that they will never ask for your recovery phrase through a support link or direct message.
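For administrators who need to run the version check above across many machines, the following is an added example, not code from Trust Wallet or from the reporting cited here. It relies on Chrome's on-disk layout of `Extensions/<id>/<version>_N/manifest.json` inside a profile folder, and it assumes the extension's display name contains "Trust Wallet"; the extension IDs and the profile tree in `demo()` are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = "2.68"           # compromised version named in the article
NAME_HINT = "trust wallet"  # assumption: the display name contains this text

def display_name(ext_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale reference."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        try:
            path = ext_dir / "_locales" / locale / "messages.json"
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name
        for key, entry in messages.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return entry.get("message", name)
    return name

def scan_profile(profile_dir):
    """Return (extension_id, name, version, affected) for each matching install."""
    findings = []
    for manifest_path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or partially written install; skip it
        name = display_name(manifest_path.parent, manifest)
        if NAME_HINT not in name.lower():
            continue
        version = str(manifest.get("version", ""))
        affected = version == AFFECTED or version.startswith(AFFECTED + ".")
        findings.append((manifest_path.parent.parent.name, name, version, affected))
    return findings

def demo():
    """Scan a constructed profile tree holding one 2.68 and one 2.69 install."""
    root = Path(tempfile.mkdtemp())
    for ext_id, version in (("a" * 32, "2.68"), ("b" * 32, "2.69")):  # placeholder IDs
        ext = root / "Extensions" / ext_id / f"{version}_0"
        (ext / "_locales" / "en").mkdir(parents=True)
        manifest = {"name": "__MSG_appName__", "version": version, "default_locale": "en"}
        (ext / "manifest.json").write_text(json.dumps(manifest))
        (ext / "_locales" / "en" / "messages.json").write_text('{"appName": {"message": "Trust Wallet"}}')
    return scan_profile(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_profile()` at each Chrome profile folder on a host (for example the `Default` folder inside the user data directory); any row whose last field is `True` is still on the compromised build.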
