On December 25, 2025, Trust Wallet Browser Extension users were targeted by a sophisticated hack that resulted in the theft of approximately $7 million worth of cryptocurrency.
The breach primarily targeted version 2.68 of the Chrome extension and was based on a hacker-developed backdoor that stole the private keys and mnemonic data of affected individuals, subsequently exporting the information to the hacker's server.
According to on-chain analyst ZachXBT, who reported that the attack affected hundreds of individuals and compiled a list of theft addresses spanning EVM chains, Bitcoin, and Solana.
The hacker behind the attack is said to have started preparations for the attack as early as December 8, 2025, and gained access to Trust Wallet's source code repository. On December 22, the malicious code was integrated into the update for the extension, which was then labeled with harmless-sounding “analytics” features.
The backdoor was then set to activate on Christmas Day, when the extraction of funds from affected wallets began. The malware code had warning signs, including connections to a dubious domain, "https://trustwallets.org," which experts believe should have been flagged by basic automated audits or manual checks.
A security researcher pointed out that this domain was rather fishy, pointing toward the lack of protection against calls from external URL addresses.
Trust Wallet identified the issue on December 25, 2025. In an official statement, the company announced, "We advise those affected to turn off their client v2.68 and update to v2.89 via the official Chrome Web Store."
The hack only affected desktop browser extension users, leaving mobile app users and other extension versions untouched.
Analysts from SlowMist and blockchain expert Anndy Lian believed that the attacker is well familiar with Trust Wallet's codebase, suspecting it's probably an insider job. Binance co-founder Changpeng Zhao (CZ) shared similar beliefs and assessments in a response on X, labeling it "most likely an inside attack."
The attack is a testament to the vulnerabilities in crypto wallets, where individual compromises represented 37% of stolen value in 2025, not counting major exchange breaches like Bybit's $1.4 billion loss in February 2025. It serves as another example of aggressive hacking tactics in the decentralized finance ecosystem.
Response, Reimbursement, and Broader Implications
Following the attack, CZ stated on December 26, 2025, that Trust Wallet would fully compensate the $7 million in losses.
This decision is in line with the user-protecting culture at Binance, as CZ stated that there were still investigations to determine how such an ‘evil’ version was submitted to the Chrome Store.
According to ZachXBT, he had been contacted directly by several victims with whom he compiled information on the scam addresses. While the quick reimbursement was seen as a positive step by some victims, other community members disagreed and criticized the decision over inconsistencies in handling similar attacks from 2023.
Trust Wallet's team is still investigating the attack, as CZ suggested potential insider collusion could be a reason to make internal changes within the organization.
Some community members are pushing for improved security measures, including compulsory code audits and advanced phishing detection in updates. Following the hack, there have been debates on the dangers of using browser extensions versus mobile wallets, with suggestions to switch to mobile wallets for better security.
https://www.cryptobreaking.com/trust-wallet-suffers-7m-hack/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=Trust%20Wallet%20Suffers%20$7M%20Hack%20on%20Christmas%20Day,%20Binance's%20CZ%20Commits%20to%20Full%20User%20Reimbursement%20
Comments
Post a Comment