
In a shocking Christmas Day revelation, Trust Wallet, the popular cryptocurrency wallet affiliated with Binance, confirmed a major security incident targeting its Chrome browser extension version 2.68. Malicious code injected through a supply chain attack led to the theft of approximately $7 million from hundreds of users’ wallets. The company has urged affected users to immediately disable the vulnerable version and upgrade to the secure 2.69 release, while promising full reimbursements for those impacted.
The breach, first detected on December 24, 2025, exploited a flaw in the extension’s update process, allowing hackers to drain funds shortly after users entered their seed phrases. On-chain investigator ZachXBT initially reported over $6 million in losses, but Trust Wallet’s latest update pegged the figure at $7 million across multiple blockchains, including Bitcoin, Ethereum, and BNB. Binance founder CZ highlighted the incident on X, noting potential insider involvement and reaffirming that reimbursements would cover all losses.
Urgent Steps for Users
Trust Wallet emphasized that only the specific browser extension version is affected—mobile app users and other extension variants remain safe. In detailed instructions shared on X, the team outlined a six-step process: avoid opening the extension, access Chrome’s extensions panel, disable the toggle, enable developer mode, update, and verify version 2.69. Users were warned against interacting with unofficial messages, as scammers could exploit the chaos with phishing attempts.
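The version check in the last step can also be run against the files Chrome keeps on disk, which is useful when auditing several machines. The following Python example is added here and is not Trust Wallet's code. It assumes the extension's display name contains "Trust Wallet", treats any 2.68.x version as affected, and takes the profile's Extensions directory as its argument; `audit` and `display_name` are names chosen for this example.

```python
import json
import sys
from pathlib import Path

AFFECTED = (2, 68)          # version the article names as compromised
NAME_HINT = "trust wallet"  # assumption: display name contains this text


def display_name(ext_dir: Path, manifest: dict) -> str:
    """Resolve the manifest name, following __MSG_key__ into _locales."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        path = ext_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name
        for k, entry in messages.items():
            if k.lower() == key:
                return entry.get("message", name)
    return name


def audit(extensions_root: Path) -> list:
    """Return (extension_id, version, status) for each matching install."""
    findings = []
    # Layout: <Extensions>/<extension id>/<version dir>/manifest.json
    for path in sorted(extensions_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or damaged manifest: skip, do not crash
        if NAME_HINT not in display_name(path.parent, manifest).lower():
            continue
        version = str(manifest.get("version", ""))
        parts = tuple(int(p) for p in version.split(".") if p.isdigit())
        status = "AFFECTED" if parts[:2] == AFFECTED else "ok"
        findings.append((path.parent.parent.name, version, status))
    return findings


if __name__ == "__main__":
    # Pass the profile's Extensions directory, e.g. on Linux
    # ~/.config/google-chrome/Default/Extensions
    for ext_id, version, status in audit(Path(sys.argv[1])):
        print(f"{status:8} {version:10} {ext_id}")
```

Run it once per Chrome profile, and confirm any AFFECTED result on the chrome://extensions page before acting on it.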
Broader Implications for Crypto Security
This incident underscores the vulnerabilities of browser-based wallets, which are convenient but expose users to supply chain risks and malicious updates. Crypto communities on X buzzed with warnings, with analysts such as MartyParty stressing the need for hardware wallets or multisig setups for significant holdings. Trust Wallet’s support team is proactively contacting victims to guide them through reimbursement, a move praised for transparency amid the holiday timing.
As the crypto space evolves, incidents like this highlight the ongoing battle against sophisticated attacks. Users are reminded to source updates only from official channels, like the Chrome Web Store, and to enable two-factor authentication wherever possible.