Trust Wallet Suffers $7 Million Security Breach

  • Dec 26, 2025

Key Findings


  • Trust Wallet, a popular non-custodial cryptocurrency wallet, has suffered a security breach that resulted in the loss of approximately $7 million in digital assets.

  • The issue was caused by a vulnerability in version 2.68 of the Trust Wallet Chrome extension, which has around one million users.

  • The malicious code in the affected extension version was designed to extract the mnemonic phrases (recovery seeds) of all wallets stored in the extension, and then send the encrypted data to an attacker-controlled server.

  • The stolen funds include around $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum.

  • Trust Wallet has urged users to immediately update their Chrome extension to version 2.69 to mitigate the issue and has promised to refund all affected users.


Background


Trust Wallet is a popular non-custodial cryptocurrency wallet that allows users to store and manage digital assets across multiple blockchains through a mobile app and a Chrome extension for dApps. The wallet has been owned by Binance, the largest cryptocurrency exchange, since 2018.


Malicious Code Injection


According to the security firm SlowMist, the vulnerability was introduced in version 2.68 of the Trust Wallet Chrome extension. The malicious code was designed to iterate through all wallets stored in the extension and trigger a mnemonic phrase request for each wallet. The encrypted mnemonic phrases were then sent to an attacker-controlled server (api.metrics-trustwallet[.]com).
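A triage sketch for the indicators above, added here as an example and not taken from SlowMist or Trust Wallet: it correlates DNS lookups of the reported exfiltration host with an inventory of installed extension versions. The log format, host names and inventory mapping are constructed assumptions; only the domain and the version numbers come from the article.

```python
import re

IOC_DOMAIN = "api.metrics-trustwallet[.]com"  # exfiltration host named in the article (defanged)
AFFECTED = (2, 68)                            # extension version the article reports as malicious

def normalize_host(name):
    """Re-fang, lowercase, and drop the trailing root dot that DNS logs often carry."""
    return name.strip().replace("[.]", ".").lower().rstrip(".")

def host_matches(qname, ioc=IOC_DOMAIN):
    """True for the IoC or one of its subdomains; look-alike prefixes/suffixes do not match."""
    q, d = normalize_host(qname), normalize_host(ioc)
    return q == d or q.endswith("." + d)

def parse_version(text):
    """Make '2.68' and '2.68.0' compare equal by dropping trailing zero components."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def triage(dns_lines, inventory):
    """Correlate DNS lookups of the IoC with hosts running the affected version."""
    contacted = {f[1] for f in (l.split() for l in dns_lines)
                 if len(f) >= 3 and host_matches(f[2])}
    findings = {}
    for host in sorted(contacted | set(inventory)):
        affected = parse_version(inventory.get(host, "")) == AFFECTED
        if affected and host in contacted:
            findings[host] = "affected+contacted"
        elif host in contacted:
            findings[host] = "contacted"
        elif affected:
            findings[host] = "affected"
    return findings

# Constructed sample data: "<timestamp> <client> <queried name>" and host -> installed version.
SAMPLE_DNS = [
    "2025-12-25T10:02:11Z ws-014 api.metrics-trustwallet.com.",
    "2025-12-25T10:05:40Z ws-022 trustwallet.com",
    "2025-12-25T10:07:03Z ws-040 API.Metrics-TrustWallet.com",
    "2025-12-25T10:09:59Z ws-022 api.metrics-trustwallet.com.example.net",
]
SAMPLE_INVENTORY = {"ws-014": "2.68", "ws-022": "2.69", "ws-031": "2.68.0"}

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_DNS, SAMPLE_INVENTORY).items():
        print(host, finding)
```

Hosts flagged only as "affected" may still have sent data before logging began or over a resolver that is not captured, so the absence of a DNS hit does not clear them.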


Attackers' Tactics and Stolen Funds


The attackers leveraged an open-source full-chain analytics library named posthog-js to harvest wallet user information. The stolen digital assets include around $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum. The stolen funds have been moved through centralized exchanges and cross-chain bridges for laundering and swapping.


Potential Involvement of a Nation-State Actor


SlowMist researchers suggest that the attack may have been carried out by an advanced persistent threat (APT) group, indicating the possibility of a nation-state actor's involvement. They note that the attackers may have gained control of Trust Wallet-related developer devices or obtained deployment permissions prior to the attack.


Refund Process and User Advice


Trust Wallet has confirmed that it will refund all affected users and is actively finalizing the process. The company has urged users to update their Chrome extension to version 2.69 immediately and to refrain from interacting with any messages that do not come from its official channels. Mobile-only users and other browser extension versions are not affected.


Sources


  • https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html

  • https://securityaffairs.com/186163/cyber-crime/trust-wallet-warns-users-to-update-chrome-extension-after-7m-security-loss.html

  • https://forklog.com/en/trust-wallet-users-suffer-7-million-hack/

  • https://www.benzinga.com/crypto/25/12/49590860/changpeng-zhao-owned-trust-wallet-to-cover-7-million-user-losses-after-security-breach


© 2025 by Explain IT Again. Powered and secured by Wix
