Trust Wallet Urges Users to Update Chrome Extension After $7M Breach

  • Dec 27, 2025

Key Findings


  • Trust Wallet confirmed a security incident involving its Chrome extension version 2.68 that resulted in approximately $7 million in losses.

  • The malicious code in the compromised extension version prompted users to share their wallet mnemonic phrases, which were then used to drain funds.

  • Trust Wallet is advising all users to urgently update to version 2.69 of the extension to mitigate the issue.

  • The company stated it will ensure all affected users are refunded and that supporting impacted users is its top priority.


Background


Trust Wallet is a popular non-custodial cryptocurrency wallet that allows users to store and manage digital assets across multiple blockchains via a mobile app and a Chrome extension for accessing decentralized applications (dApps).


Incident Details


  • Version 2.68 of the Trust Wallet Chrome extension contained malicious code that iterated through all stored wallets and prompted users to enter their mnemonic (recovery) phrases.

  • The encrypted mnemonic phrases were then decrypted using the user's password and sent to an attacker-controlled server, api.metrics-trustwallet[.]com.

  • The domain for this server was registered on December 8, 2025, with the malicious activity starting on December 21.

  • The attackers also leveraged the open-source posthog-js analytics library to collect additional wallet user data.

  • Security researchers at SlowMist suggest the attack may have been carried out by an Advanced Persistent Threat (APT) group.
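
For defenders triaging a fleet, the indicators above (extension version 2.68, fixed version 2.69, and the exfiltration host) can be combined into one pass over an extension inventory and DNS logs. This is an added example, not code from Trust Wallet or the cited reports; the log format, inventory format, host names and status labels are assumptions, and the sample data is constructed.

```python
from datetime import datetime

# Versions and domain come from the article; everything else is assumed.
BAD_VERSION, FIXED_VERSION = (2, 68), (2, 69)
IOC_HOST = "api.metrics-trustwallet[.]com".replace("[.]", ".")  # refanged for matching only
IOC_PARENT = ".".join(IOC_HOST.split(".")[-2:])  # registered domain (simple two-label .com case)

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def is_ioc(qname):
    """True for the registered domain or any host under it, case-insensitive."""
    q = qname.rstrip(".").lower()
    return q == IOC_PARENT or q.endswith("." + IOC_PARENT)

def first_ioc_contact(dns_lines):
    """Map host -> earliest IoC query. Assumed line format: '<ISO UTC time> <host> <qname>'."""
    first = {}
    for line in dns_lines:
        parts = line.split()
        if len(parts) != 3 or not is_ioc(parts[2]):
            continue
        ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        if parts[1] not in first or ts < first[parts[1]]:
            first[parts[1]] = ts
    return first

def triage(inventory, dns_lines):
    """Classify each host; observed IoC contact outranks any version finding."""
    result = {}
    for host, version in inventory.items():
        v = parse_version(version)
        if v == BAD_VERSION:
            result[host] = "bad-version"   # ran the compromised build, no contact seen
        elif v < FIXED_VERSION:
            result[host] = "outdated"      # not 2.68, but still needs the 2.69 update
        else:
            result[host] = "current"
    for host in first_ioc_contact(dns_lines):
        result[host] = "ioc-contact"       # includes hosts missing from the inventory
    return result

# Constructed sample data (hypothetical hosts ws-01..ws-05).
SAMPLE_INVENTORY = {"ws-01": "2.68", "ws-02": "2.69", "ws-03": "2.67", "ws-04": "2.68"}
SAMPLE_DNS = [
    f"2025-12-22T09:14:03Z ws-01 {IOC_HOST}",
    "2025-12-22T09:15:40Z ws-02 trustwallet.com",
    f"2025-12-23T18:02:11Z ws-05 {IOC_HOST.upper()}.",
    f"2025-12-21T07:00:00Z ws-01 {IOC_HOST}",
]
```

A host in the "bad-version" bucket had the compromised build installed without an observed lookup, which can also mean the DNS logs do not cover that host.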


Incident Impact


  • Trust Wallet has confirmed that approximately $7 million was impacted by the security incident.

  • Blockchain security firm PeckShield reported that threat actors stole over $6 million in crypto, with most funds sent to exchanges and about $2.8 million still held in attacker wallets.

  • In a parallel attack, threat actors also launched a phishing campaign, exploiting user panic by directing victims to a fake Trust Wallet website that prompted them to enter their wallet recovery seed phrases.


Trust Wallet's Response


  • The company has urged all users to immediately update their Chrome extension to version 2.69 to mitigate the issue.

  • Trust Wallet stated that supporting affected users is its top priority and that it is actively finalizing the process to refund the impacted users.

  • The company advised users to avoid messages outside of its official channels and to be cautious of any requests for their wallet recovery phrases.


Sources


  • https://securityaffairs.com/186163/cyber-crime/trust-wallet-warns-users-to-update-chrome-extension-after-7m-security-loss.html

  • https://finance.yahoo.com/news/trust-wallet-hit-malicious-7m-084232843.html

  • https://thedefiant.io/news/hacks/trust-wallet-confirms-usd7m-stolen-in-browser-extension-hack

  • https://www.bleepingcomputer.com/news/security/trust-wallet-chrome-extension-hack-tied-to-millions-in-losses/

© 2025 by Explain IT Again.