Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses.
The cryptocurrency wallet (used by over 200 million people according to its official website) allows users to store, send, receive, and manage Bitcoin, Ethereum, Solana, and thousands of other cryptocurrencies and digital tokens using a browser extension and free iOS and Android mobile apps.
Trust Wallet launched in 2017 and was acquired by Binance, one of the world's largest cryptocurrency exchanges, the following year. Despite this, it still operates as a separate, decentralized wallet application.
In the December 24 incident, as BleepingComputer reported earlier, attackers compromised version 2.68.0 of Trust Wallet's Chrome extension by adding a malicious JavaScript file that exfiltrated sensitive wallet data, which led to approximately $7 million being stolen from the compromised wallets.
Trust Wallet confirmed the hack after BleepingComputer reached out for confirmation and advised users to immediately update to version 2.69 to block further crypto theft attempts.
"The malicious extension v2.68 was NOT released through our internal manual process. Our current findings suggest it was most likely published externally through Chrome Web Store API key, bypassing our standard release checks," CEO Eowyn Chen explained.
"A working hypothesis (still under investigation): The hacker used a leaked Chrome Web Store API key to submit the malicious extension version v2.68. This successfully passed Chrome Web Store's review and was released on Dec 24, 2025 at 12:32 UTC."
In response to the incident, Trust Wallet expired all release APIs to block any attempts to release new versions over the next two weeks. It also reported the malicious exfiltration domain to the registrar, NiceNIC, which promptly suspended it, ensuring that the hackers couldn't steal additional wallet data.
However, as BleepingComputer found, the attackers doubled down on their efforts, launching a phishing campaign that took advantage of the ensuing panic. The campaign used a Trust Wallet-branded website that asked users for their wallet recovery seed phrase to get an "important scheduled update with security improvements."
[Image: Malicious fix-trustwallet[.]com domain (BleepingComputer)]