Trust Wallet Browser Extension Exploited for $7 Million, CZ Pledges Full Reimbursement

Trust Wallet, a major self-custody cryptocurrency wallet, has suffered a significant security breach affecting its Chrome browser extension version 2.68, resulting in losses estimated at $7 million. The incident, identified on December 25, 2025, is isolated to the specific browser extension version and does not impact Trust Wallet's mobile applications or other extension versions.

The company issued an urgent warning via its official X account, instructing users of version 2.68 to immediately disable the extension and upgrade to the patched version 2.69. The vulnerability appears to stem from a supply chain compromise in the extension update released on December 24, 2025, rather than a smart contract flaw or user-side phishing attack. Reports from crypto analysts suggest malicious code embedded in version 2.68 allowed attackers to extract wallet seed phrases, leading to unauthorized transfers of user funds across multiple blockchain networks.

Changpeng 'CZ' Zhao, co-founder of Binance, publicly committed that Trust Wallet will cover the full $7 million in user losses. In a post on X, CZ stated, "So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU." He also noted the team is investigating how hackers were able to submit the compromised version to the update pipeline.

On-chain analytics firm Lookonchain reported that the exploiter has already moved approximately $4.25 million of the stolen funds through cryptocurrency exchanges and swap services, including KuCoin, FixedFloat, ChangeNOW, and HTX. The stolen assets reportedly included Bitcoin (BTC), Ethereum (ETH), Solana (SOL), and BNB.

Trust Wallet has confirmed its security team is actively investigating the incident and contacting affected users regarding compensation and next steps. The breach has reignited discussions about the security risks associated with browser-based wallet extensions and software update mechanisms in the cryptocurrency ecosystem.