Trust Wallet Chrome Extension Breach Drains About $7 Million as Investigators Flag Supply-Chain Risks

A Malicious Christmas-Day Update Exposes Seed Phrases and Triggers Rapid Multi-Chain Losses
TL;DR
- A compromised Trust Wallet Chrome extension update led to roughly $7 million in user losses over Christmas Day 2025.
- The attack appears to be a supply-chain compromise that exfiltrated seed phrases, enabling near-instant wallet drains across multiple blockchains.
- Trust Wallet acknowledged the breach, released a patched version, and Binance founder Changpeng Zhao said affected users would be fully reimbursed.
Trust Wallet users suffered significant losses over the December 25 holiday period after a malicious update to the wallet’s Chrome browser extension enabled attackers to gain direct access to user funds. Investigators and blockchain analysts estimate the total damage at around $7 million, with losses spanning multiple networks and affecting hundreds of wallets within hours of the update’s release. The incident has drawn renewed scrutiny to browser-based wallets and the security risks embedded in software distribution channels.
Evidence gathered from on-chain data and independent security researchers indicates that the compromised release, identified as extension version 2.68, contained hostile code capable of intercepting seed phrases. Wallets became vulnerable the moment users unlocked the extension or imported recovery phrases, allowing the malicious script to transmit those credentials to attacker-controlled servers. Once obtained, the seed phrases gave the attackers full control, leading to swift and irreversible fund transfers across chains including Bitcoin, Ethereum, Binance Smart Chain, Solana, and other EVM-compatible networks.
The breach first gained public attention after on-chain investigator ZachXBT highlighted a cluster of suspicious transactions draining Trust Wallet users in rapid succession. Subsequent analysis suggested the exploit followed the pattern of a supply-chain attack, where a legitimate update channel is leveraged to distribute malicious code at scale. Security firm SlowMist later noted that preparatory activity may have begun weeks earlier, with indications the backdoor was planted before Christmas and activated once the update reached a critical mass of users.

Trust Wallet confirmed the issue shortly after reports spread, stating that only the Chrome extension version 2.68 was affected and that mobile applications and other versions remained secure. A patched update, version 2.69, was released to remove the malicious components. Users were advised to disable the compromised extension immediately and migrate funds to new wallets, as exposure of a seed phrase permanently undermines wallet security regardless of subsequent software fixes.
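
For defenders checking workstations against the versions named above, the following added example (not Trust Wallet's or the article's own code) lists the installed copies of one extension in a Chrome profile and flags release 2.68. It assumes Chrome's usual on-disk layout of `Extensions/<id>/<version>_<n>/manifest.json`; the extension ID is not given in the article, so `EXTENSION_ID` is a placeholder, and `audit_profile`, `parse_version` and `demo` are hypothetical names.

```python
import json
import tempfile
from pathlib import Path

COMPROMISED = (2, 68)  # affected release per the article; 2.69 is the patched one
EXTENSION_ID = "<extension-id-placeholder>"  # not on the page: take it from your inventory


def parse_version(text):
    """Turn '2.68' or '2.68.0' into a tuple of ints; None if not numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None


def audit_profile(extensions_dir, extension_id=EXTENSION_ID):
    """Return [(version, status)] for each installed copy under <dir>/<id>/."""
    findings = []
    for manifest in sorted(Path(extensions_dir, extension_id).glob("*/manifest.json")):
        try:
            version = str(json.loads(manifest.read_text(encoding="utf-8")).get("version", ""))
        except (OSError, ValueError, AttributeError):
            findings.append((manifest.parent.name, "unreadable manifest"))
            continue
        parsed = parse_version(version)
        if parsed is None:
            status = "unparseable version"
        elif parsed[:2] == COMPROMISED:  # assumption: 2.68.x builds count as 2.68
            status = "COMPROMISED: disable, treat seed phrase as exposed"
        else:
            status = "not the affected release"
        findings.append((version, status))
    return findings


def demo():
    """Audit a constructed profile tree holding 2.68 and 2.69 side by side."""
    root = Path(tempfile.mkdtemp())
    fake_id = "a" * 32  # constructed ID for the demo, not the real extension ID
    for ver in ("2.68", "2.69"):
        version_dir = root / fake_id / f"{ver}_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps({"name": "demo", "version": ver}))
    return audit_profile(root, fake_id)


if __name__ == "__main__":
    print(demo())
```

A profile that now shows only 2.69 may still have run 2.68 before updating, so a clean result here does not clear the seed phrase; the migration advice above still applies.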

Binance founder Changpeng “CZ” Zhao addressed the incident publicly, estimating total losses at approximately $7 million and stating that affected users would be fully reimbursed through Binance’s Secure Asset Fund for Users. Zhao also suggested the nature of the breach raised the possibility of insider involvement, citing the attackers’ apparent familiarity with the extension’s codebase and deployment process. That assessment echoed views from parts of the security community, which noted that the precision of the injected code implied more than a random external exploit.

Market reaction to the disclosure was muted but visible, with the Trust Wallet token experiencing brief volatility before stabilizing. Beyond price movements, the episode has intensified debate around the safety trade-offs of browser extensions for self-custody, particularly as personal wallet compromises accounted for a substantial share of crypto losses in 2025. The Trust Wallet breach stands as one of the year’s most prominent examples of how vulnerabilities at the software interface layer, rather than in blockchain protocols themselves, continue to pose material risks to users.

This article has been refined and enhanced by ChatGPT.