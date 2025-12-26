Key Notes

A browser extension hack targeting Trust Wallet users resulted in millions of dollars in stolen crypto.

The issue was allegedly due to a bad extension update — version 2.68.

Mobile wallet users were safe, but the company urged web users to upgrade the browser extension.

Trust Wallet, a non-custodial crypto wallet owned by Binance co-founder Changpeng “CZ” Zhao, has confirmed a security incident involving its browser wallet extension, resulting in $6.77 million in user losses.

According to an X post by Lookonchain, the hacker sent $4.25 million of the stolen funds to centralized crypto exchanges and platforms like KuCoin, HTX, ChangeNOW, and FixedFloat.

Trust Wallet(@TrustWallet) has been exploited, with hundreds of users affected and over $6.77M stolen so far. The hacker has already sent ~$4.25M to ChangeNOW, FixedFloat, KuCoin, and HTX. CZ(@cz_binance) has stated that Trust Wallet will fully cover the losses. Check hacker… pic.twitter.com/6xjyOaxUEK — Lookonchain (@lookonchain) December 26, 2025

On-chain data show that the attacker stole a range of digital assets from Trust Wallet users, including BTC $88 595 24h volatility: 1.4% Market cap: $1.77 T Vol. 24h: $37.44 B , ETH $2 959 24h volatility: 1.2% Market cap: $357.04 B Vol. 24h: $17.15 B , USDT, USDC, and BNB $840.8 24h volatility: 0.0% Market cap: $115.77 B Vol. 24h: $985.92 M , among others.

The issue affected version 2.68 of the browser extension, Trust Wallet wrote in its statement. The company urged its users to update their wallets to version 2.69 immediately to avoid further losses.

We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69. Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb Please note: Mobile-only users… — Trust Wallet (@TrustWallet) December 25, 2025

The incident appears linked to malicious code in the extension that triggered when users imported a seed phrase.

Trust Wallet confirmed that mobile users and other extension versions were not affected.

CZ Promises Compensation

Zhao, who owns a majority stake in Trust Wallet, said that the company will “cover” the user losses.

So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. 🙏 The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b — CZ 🔶 BNB (@cz_binance) December 26, 2025

Insider Hack?

In response to Zhao’s X post, some community members alleged that the hack was an insider job because of simple flaws in the platform’s code.

Are you sure you have the right people for this? The code that the so-called hackers slid in is ridiculously easy to spot, you could even catch this via basic automated audits for any and all external URLs. Are we being told that there are no automated audits looking for… pic.twitter.com/TaTiodXUfq — ʝㄐ🔆 (@j4hangir) December 26, 2025

“There aren’t even Unicode letters in this; it’s literally screaming, ‘I’m phishing.’ How could no one, no automated unit test, no procedure catch this?” Jay Nasr, the chief technology officer at Kuvi and Altura, responded.

Some users emphasized that only returning the funds won’t guarantee a similar incident won’t happen and urged Trust Wallet to “tighten the loopholes.”

Trust Wallet Token Price Affected

The Trust Wallet Token (TWT) fell from $0.82 to $0.76 just a few hours after the hack, but soon regained traction. TWT is currently back to the $0.82 zone, with a market cap of $353 million.

According to data from DefiLlama, Trust Wallet made a $13.59 million profit in 2025 so far, a 25% decline from 2024’s $18.13 million profit.

The leading crypto wallet claimed last week that its user base had crossed 220 million in 2025.

