Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen

Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025.

The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the malicious update’s deployment.

Blockchain investigator ZachXBT initially flagged the incident on the social media platform X, noting a suspicious spike in unauthorized fund transfers from affected addresses immediately after user interactions with the compromised extension.

Victims began reporting the thefts on Christmas Eve, sharing screenshots showing portfolios emptied of Ethereum, Bitcoin, Solana, and Binance Coin holdings.

One victim reported losing $300,000 within minutes after performing routine authorization through the extension, with stolen assets redirected to multiple attacker-controlled addresses.

Security firm PeckShield initially estimated losses at $6 million. However, Trust Wallet later confirmed that approximately $7 million had been stolen across hundreds of compromised wallets.

Security researchers identified malicious code embedded in a JavaScript file named 4482.js that masqueraded as legitimate PostHog analytics software.

The obfuscated script activated when users imported seed phrases, silently exfiltrating sensitive wallet credentials and recovery phrases to api.metrics-trustwallet.com, a fraudulent domain registered mere days before the attack and designed to mimic official Trust Wallet infrastructure.

The attack demonstrated sophisticated coordination, with threat actors simultaneously launching phishing campaigns via domains such as fix-trustwallet.com.

These fraudulent sites exploited user panic by offering fake “vulnerability fixes” that prompted users to enter their seed phrases, enabling instant wallet drainage.
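For defenders, the two domains named above can be hunted in DNS or proxy logs, along with other names that borrow the brand. The following is an added example, not code from the article or from Trust Wallet: the log format, the sample lines, and the `OFFICIAL` allowlist are assumptions, and the two-label registrable-domain rule is a simplification.

```python
import re

# Domains named in the article as attacker infrastructure.
KNOWN_BAD = {"api.metrics-trustwallet.com", "fix-trustwallet.com"}
# Assumption: the vendor's legitimate registrable domain; extend for your environment.
OFFICIAL = {"trustwallet.com"}
BRAND = "trustwallet"

def normalize(qname):
    """Lower-case a DNS name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")

def registrable(host):
    """Naive registrable domain (last two labels); use the Public Suffix List in production."""
    return ".".join(host.split(".")[-2:])

def classify(qname):
    """Return 'ioc', 'lookalike' or 'ok' for one queried name."""
    host = normalize(qname)
    reg = registrable(host)
    if host in KNOWN_BAD or reg in {registrable(b) for b in KNOWN_BAD}:
        return "ioc"
    if reg in OFFICIAL:
        return "ok"
    # Strip separators so 'trust-wallet' or 'trustwallet.com.evil.example' still match.
    squashed = re.sub(r"[-_.]", "", host)
    return "lookalike" if BRAND in squashed else "ok"

def scan(log_lines):
    """Parse 'timestamp client qname' lines; return (client, qname, verdict) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        verdict = classify(qname)
        if verdict != "ok":
            hits.append((client, normalize(qname), verdict))
    return hits

# Constructed sample DNS query log (not real telemetry).
SAMPLE = [
    "2025-12-24T10:01:02Z 10.0.0.5 trustwallet.com.",
    "2025-12-24T10:01:09Z 10.0.0.5 API.metrics-trustwallet.com.",
    "2025-12-25T08:14:40Z 10.0.0.9 fix-trustwallet.com",
    "2025-12-25T08:20:11Z 10.0.0.7 support.trust-wallet-help.example",
]
```

A client that resolved an `ioc` name while running version 2.68.0 is a candidate for the wallet-replacement guidance; `lookalike` hits are leads to review, not confirmed indicators.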

Trust Wallet acknowledged the security breach on December 25 via X, confirming the compromise affected only version 2.68.0.

The company instructed users to immediately turn off the extension and update to version 2.69.

Trust Wallet pledged full refunds to victims and warned users against responding to unofficial direct messages claiming to offer support.

Binance co-founder Changpeng Zhao suggested potential insider involvement in the breach, raising questions about internal security controls.

The incident highlights critical supply-chain vulnerabilities in cryptocurrency extensions, where automatic updates can bypass user verification.

Cybersecurity experts recommend that affected users create new wallets and carefully verify all future extension updates.
