
Trust Wallet Urges Users to Update Chrome Extension After $7M Breach

  • Dec 27, 2025

Key Findings


  • Trust Wallet confirmed a security incident involving its Chrome extension version 2.68 that resulted in approximately $7 million in losses.

  • The malicious code in the compromised extension version prompted users to share their wallet mnemonic phrases, which were then used to drain funds.

  • Trust Wallet is advising all users to urgently update to version 2.69 of the extension to mitigate the issue.

  • The company stated it will ensure all affected users are refunded and that supporting impacted users is its top priority.


Background


Trust Wallet is a popular non-custodial cryptocurrency wallet that allows users to store and manage digital assets across multiple blockchains via a mobile app and a Chrome extension for accessing decentralized applications (dApps).


Incident Details


  • Version 2.68 of the Trust Wallet Chrome extension contained malicious code that iterated through all stored wallets and prompted users to enter their mnemonic (recovery) phrases.

  • The encrypted mnemonic phrases were then decrypted using the user's password and sent to an attacker-controlled server, api.metrics-trustwallet[.]com.

  • The domain for this server was registered on December 8, 2025, with the malicious activity starting on December 21.

  • The attackers also leveraged the open-source posthog-js analytics library to collect additional wallet user data.

  • Security researchers at SlowMist suggest the attack may have been carried out by an Advanced Persistent Threat (APT) group.
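
An added detection example (not part of the original post and not Trust Wallet's code): it searches DNS query logs for the exfiltration host named above and reports the first lookup per workstation, ignoring lookups dated before the domain's registration. The log line format, the workstation names, and the decision to also match the parent domain and its other subdomains are assumptions.

```python
from datetime import datetime, timezone

# IoC exactly as printed on the page (defanged); refanged only in memory for matching.
IOC_DEFANGED = "api.metrics-trustwallet[.]com"
# Page: the domain was registered on December 8, 2025, so earlier lookups are unrelated.
DOMAIN_REGISTERED = datetime(2025, 12, 8, tzinfo=timezone.utc)

def normalise(qname):
    """Refang, lower-case and drop the trailing root dot: 'API.X.com.' -> 'api.x.com'."""
    return qname.replace("[.]", ".").strip().lower().rstrip(".")

def matches_ioc(qname, ioc=IOC_DEFANGED):
    """True for the parent domain or any name under it, which includes the IoC host.
    Matching on label boundaries avoids hits on lookalikes such as
    'notmetrics-trustwallet.com' or names that merely embed the IoC as a prefix."""
    name = normalise(qname)
    parent = normalise(ioc).split(".", 1)[1]  # assumption: parent = IoC minus first label
    return name == parent or name.endswith("." + parent)

def triage(log_lines):
    """Return {host: first matching query time} from 'ISO-time host qname' lines.
    That three-field layout is an assumed format; adapt the split to your resolver logs."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at their fields
        ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        if ts < DOMAIN_REGISTERED or not matches_ioc(parts[2]):
            continue
        host = parts[1]
        if host not in hits or ts < hits[host]:
            hits[host] = ts
    return hits

# Constructed sample DNS log lines (not real telemetry).
SAMPLE = [
    "2025-12-20T09:14:02Z ws-014 clients2.google.com",
    "2025-12-22T18:03:11Z ws-014 API.Metrics-TrustWallet.com.",
    "2025-12-23T07:45:50Z ws-014 api.metrics-trustwallet.com",
    "2025-12-23T08:01:37Z ws-027 api.metrics-trustwallet.com.cdn.example.net",
    "2025-12-24T11:20:05Z ws-031 notmetrics-trustwallet.com",
    "2025-12-24T12:00:00Z ws-042 api.metrics-trustwallet.com",
]

if __name__ == "__main__":
    for host, first in sorted(triage(SAMPLE).items()):
        print(f"{host} first queried the IoC domain at {first.isoformat()}")
```

A hit identifies a workstation whose wallets should be treated as exposed; it does not by itself show that a mnemonic was sent.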


Incident Impact


  • Trust Wallet has confirmed that approximately $7 million was impacted by the security incident.

  • Blockchain security firm PeckShield reported that threat actors stole over $6 million in crypto, with most funds sent to exchanges and about $2.8 million still held in attacker wallets.

  • In a parallel attack, threat actors also launched a phishing campaign, exploiting user panic by directing victims to a fake Trust Wallet website that prompted them to enter their wallet recovery seed phrases.


Trust Wallet's Response


  • The company has urged all users to immediately update their Chrome extension to version 2.69 to mitigate the issue.

  • Trust Wallet stated that supporting affected users is its top priority and that it is actively finalizing the process to refund the impacted users.

  • The company advised users to avoid messages outside of its official channels and to be cautious of any requests for their wallet recovery phrases.


Sources


  • https://securityaffairs.com/186163/cyber-crime/trust-wallet-warns-users-to-update-chrome-extension-after-7m-security-loss.html

  • https://finance.yahoo.com/news/trust-wallet-hit-malicious-7m-084232843.html

  • https://thedefiant.io/news/hacks/trust-wallet-confirms-usd7m-stolen-in-browser-extension-hack

  • https://www.bleepingcomputer.com/news/security/trust-wallet-chrome-extension-hack-tied-to-millions-in-losses/
