Trust Wallet has confirmed a security incident involving its Chrome browser extension that resulted in the loss of approximately $7 million in cryptocurrency. The breach affected users running a specific version of the extension and has prompted an urgent security response from the company.
According to Trust Wallet, the issue impacted version 2.68 of its Chrome extension, which was briefly made available before being taken down. The company is now urging all users to update immediately to version 2.69, which contains the necessary security fixes.
What Happened
The incident stemmed from malicious code introduced into the Chrome extension that allowed attackers to extract wallet recovery phrases. Once compromised, the attackers were able to gain full control of affected wallets and transfer funds without user authorization.
Trust Wallet confirmed that the malicious activity resulted in losses totaling approximately $7 million. The company stated that all impacted users will be reimbursed and emphasized that only users of the affected browser extension were impacted. Mobile app users and other wallet versions remain safe.
“We’ve confirmed the scope of the incident and are actively supporting impacted users,” the company said. “Protecting our users remains our top priority.”
How the Attack Worked
Blockchain security researchers revealed that the compromised extension contained code designed to harvest recovery phrases from users’ wallets. When users unlocked their wallets, the malicious logic extracted encrypted recovery data and transmitted it to attacker-controlled servers.
The stolen information was routed through a domain disguised to look like legitimate Trust Wallet infrastructure. Investigators later confirmed the domain was registered in early December and began receiving stolen data shortly after.
Analysis by multiple security firms indicates the attackers used a legitimate analytics framework as part of the exfiltration process, allowing the malicious traffic to blend in with normal application behavior and evade detection.
Funds Stolen and Laundering Activity
Blockchain analysis shows that the attackers drained millions in digital assets, including Bitcoin, Ethereum, and Solana. A significant portion of the stolen funds has since been moved through centralized exchanges and cross-chain bridges in an effort to obscure transaction trails.
Security researchers tracking the incident estimate that several hundred users were affected, with losses ranging from small personal holdings to high-value wallets.
Possible Insider Access Under Investigation
Trust Wallet has stated that the malicious version of the extension was not released through its standard internal deployment process. Early findings suggest the attacker may have gained access to internal publishing credentials, possibly through a compromised API key.
While no final conclusions have been made, the company acknowledged that the breach may have involved unauthorized access to internal tooling rather than a vulnerability in the Chrome Web Store itself.
What Users Should Do Now
Trust Wallet is advising all users to:
- Update the Chrome extension to the latest version immediately
- Avoid interacting with any unofficial messages or support requests
- Never share recovery phrases or private keys
- Only trust official Trust Wallet communication channels
Affected users have been instructed to submit a claim through the company’s official support portal to begin the reimbursement process.
Ongoing Investigation
Trust Wallet CEO Eowyn Chen confirmed that a full investigation is underway and that additional safeguards have been implemented to prevent similar incidents. The company has also revoked compromised credentials, disabled affected infrastructure, and tightened internal security controls.
“This was a serious incident, and we are taking every necessary step to protect users and restore trust,” Chen said.
As the investigation continues, users are urged to remain cautious and verify all communications claiming to be from Trust Wallet.