Trust Wallet’s users lost roughly $7 million to hackers due to a security flaw in its 2.68 version.
By Wahid Pessarlay
Editor Yana Khlebnikova
Updated
2 mins read
Trust Wallet, a non-custodial crypto wallet owned by Binance co-founder Changpeng “CZ” Zhao, has confirmed a security incident involving its browser wallet extension, resulting in $6.77 million in user losses.
According to an X post by Lookonchain, the hacker sent $4.25 million of the stolen funds to centralized crypto exchanges and platforms like KuCoin, HTX, ChangeNOW, and FixedFloat.
Trust Wallet(@TrustWallet) has been exploited, with hundreds of users affected and over $6.77M stolen so far.
The hacker has already sent ~$4.25M to ChangeNOW, FixedFloat, KuCoin, and HTX.
CZ(@cz_binance) has stated that Trust Wallet will fully cover the losses.
Check hacker… pic.twitter.com/6xjyOaxUEK
— Lookonchain (@lookonchain) December 26, 2025
On-chain data show that the attacker stole a range of digital assets from Trust Wallet users, including BTC $88 595 24h volatility: 1.4% Market cap: $1.77 T Vol. 24h: $37.44 B , ETH $2 959 24h volatility: 1.2% Market cap: $357.04 B Vol. 24h: $17.15 B , USDT, USDC, and BNB $840.8 24h volatility: 0.0% Market cap: $115.77 B Vol. 24h: $985.92 M , among others.
The issue affected version 2.68 of the browser extension, Trust Wallet wrote in its statement. The company urged its users to update their wallets to version 2.69 immediately to avoid further losses.
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb
Please note: Mobile-only users…
— Trust Wallet (@TrustWallet) December 25, 2025
The incident appears linked to malicious code in the extension that triggered when users imported a seed phrase.
Trust Wallet confirmed that mobile users and other extension versions were not affected.
Zhao, who owns a majority stake in Trust Wallet, said that the company will “cover” the user losses.
So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. 🙏
The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b
— CZ 🔶 BNB (@cz_binance) December 26, 2025
In response to Zhao’s X post, some community members alleged that the hack was an insider job because of simple flaws in the platform’s code.
Are you sure you have the right people for this?
The code that the so-called hackers slid in is ridiculously easy to spot, you could even catch this via basic automated audits for any and all external URLs. Are we being told that there are no automated audits looking for… pic.twitter.com/TaTiodXUfq
— ʝㄐ🔆 (@j4hangir) December 26, 2025
“There aren’t even Unicode letters in this; it’s literally screaming, ‘I’m phishing.’ How could no one, no automated unit test, no procedure catch this?” Jay Nasr, the chief technology officer at Kuvi and Altura, responded.
Some users emphasized that only returning the funds won’t guarantee a similar incident won’t happen and urged Trust Wallet to “tighten the loopholes.”
The Trust Wallet Token (TWT) fell from $0.82 to $0.76 just a few hours after the hack, but soon regained traction. TWT is currently back to the $0.82 zone, with a market cap of $353 million.
According to data from DefiLlama, Trust Wallet made a $13.59 million profit in 2025 so far, a 25% decline from 2024’s $18.13 million profit.
The leading crypto wallet claimed last week that its user base had crossed 220 million in 2025.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Wahid has been analyzing and reporting on the latest trends in the decentralized ecosystem since 2019. He has over 4,000 articles to his name and his work has been featured on some of the leading outlets including Yahoo Finance, Investing.com, Cointelegraph, and Benzinga. Other than reporting, Wahid likes to connect the dots between DeFi and macro on his newsletter, On-chain Monk.
