What is the story about?
A malicious update to Binance-owned Trust Wallet's Chrome extension turned a quiet Christmas night into a nightmare for hundreds of users, resulting in losses of nearly $7 million.
The breach, which occurred on December 25, was caused by a supply-chain attack that injected malicious code into the extension's JavaScript files, disguised as routine analytics functionality.
Users who installed the affected version (2.68) and imported their seed phrases unknowingly handed attackers access to their wallets. When users imported their recovery phrases, the code activated and transferred sensitive wallet data to an attacker-controlled domain.
The exploit ran silently in the background, with no visible warning signs. The crypto wallet platform stated that the vulnerability was limited to the Chrome browser extension and did not affect its mobile apps or the underlying blockchains themselves.
Trust Wallet has since released a patched version (2.69) and advised users to disable the affected version and update immediately. In a post on X on Friday, Trust Wallet said, "We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69."
In a separate post, it wrote, "We’ve confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded. Supporting affected users is our top priority, and we are actively finalizing the process to refund the impacted users. We appreciate your patience and will share instructions on next steps soon."
Meanwhile, Binance founder Changpeng Zhao (CZ) stated that the affected users would be fully reimbursed. He added that the team is still investigating how hackers were able to submit a new version.
“So far, $7 million has been affected by this hack. Trust Wallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. The team is still investigating how hackers were able to submit a new version.”
If you are an affected user of Browser Extension v2.68, follow these steps shared by Trust Wallet:
Step 1: To ensure the security of your wallet and avoid further issues, do not open the Trust Wallet Browser Extension v2.68 on your desktop device.
Step 2: Go to the Chrome Extensions panel in your Chrome browser by copying the following to the address line (shortcut to the Official Trust Wallet Browser Extension): chrome://extensions/?id=egjidjbpglichdcondbcbdnbeeppgdph.
Step 3: If the toggle below the Trust Wallet is still set to ‘On,’ turn it ‘off’.
Step 4: Click ‘Developer mode’ in the upper right corner.
Step 5: Press the ‘Update’ button in the upper left corner.
Step 6: Check the version number: 2.69. This is the latest and most secure version.
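For anyone checking many machines or browser profiles rather than one browser window, the version check in the steps above can also be done from disk without opening the extension. The script below is an added example, not code from Trust Wallet or the original article; it assumes Chrome's usual on-disk layout (`<profile>/Extensions/<extension id>/<version>_0/manifest.json`), takes the Chrome user-data directory as an argument supplied by the caller, and runs here against a constructed sample tree.

```python
import json
import tempfile
from pathlib import Path

# Extension ID and version numbers are the ones given in the article.
EXT_ID = "egjidjbpglichdcondbcbdnbeeppgdph"
AFFECTED = (2, 68)  # "version 2.68 only"; 2.69 is the patched release

def parse_version(text):
    """Turn '2.68' or '2.68.0' into a tuple of ints; non-numeric parts become 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in str(text).strip().split("."))

def scan_user_data_dir(user_data_dir):
    """Return one finding per on-disk copy of the extension, across all profiles."""
    findings = []
    pattern = f"*/Extensions/{EXT_ID}/*/manifest.json"
    for manifest in sorted(Path(user_data_dir).glob(pattern)):
        profile = manifest.parents[3].name  # <profile>/Extensions/<id>/<ver>_0/
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
            affected = parse_version(version)[:2] == AFFECTED
        except (OSError, ValueError, KeyError, TypeError):
            # Report a malformed or unreadable manifest instead of skipping it.
            findings.append({"profile": profile, "version": None, "status": "unreadable"})
            continue
        findings.append({"profile": profile, "version": version,
                         "status": "affected" if affected else "ok"})
    return findings

def build_sample_tree(root):
    """Constructed sample data: one profile on 2.68, one on 2.69."""
    for profile, version in (("Default", "2.68"), ("Profile 1", "2.69")):
        ext_dir = Path(root) / profile / "Extensions" / EXT_ID / f"{version}_0"
        ext_dir.mkdir(parents=True)
        manifest = {"name": "constructed sample", "version": version}
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_user_data_dir(build_sample_tree(tmp)):
            print(finding)
```

A profile reported as "affected" still has the 2.68 files on disk and should go through the disable-and-update steps above.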
Update on the Trust Wallet Browser Extension (v2.68) incident:
We’ve confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded.
Supporting affected users is our top priority, and we are actively finalizing the process to refund the… https://t.co/2XRx8GvZ75
— Trust Wallet (@TrustWallet) December 26, 2025
So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused.
The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b
— CZ BNB (@cz_binance) December 26, 2025