Highlights:
- The Trust Wallet hack shows how a single update can put user funds at risk.
- Browser extensions remain a major weak point for crypto wallet security.
- The recent attacks highlight the need for faster alerts and safer update checks.
Multi-chain crypto wallet provider Trust Wallet confirmed a security breach tied to its browser extension on Thursday. Several users reported unauthorized fund outflows shortly after installing a recent extension update.
Advertisement
Blockchain investigator ZachXBT flagged the issue after receiving multiple reports within hours. Early estimates show that the losses exceed $6 million across several blockchains. The affected assets included Bitcoin, Solana tokens, and EVM-based cryptocurrencies.
According to ZachXBT, multiple Trust Wallet users reported unauthorized fund outflows from their wallet addresses within the past few hours. The root cause has not yet been confirmed, but the incidents occurred after Trust Wallet’s Chrome extension released an update yesterday.…
— Wu Blockchain (@WuBlockchain) December 25, 2025
Users reported that wallet drains occurred within minutes of normal extension activity. Many reports surfaced during the Christmas holiday period, when users returned to check balances. On-chain data indicated that attackers moved funds to several receiving addresses. In addition to this, blockchain trackers have noticed rapid exchanges among wallets to minimize traceability.
Further reports showed that victims shared a common factor before the theft. Each affected user had installed the new Trust Wallet browser extension update. Some users said they noticed no unusual prompts or warnings before the drains. In several cases, transactions occurred within a four-minute window. This speed left users little time to react or move funds.
Trust Wallet hack Linked to Extension Version 2.68
Trust Wallet later confirmed that the issue affected Browser Extension version 2.68 only. The company urged users to disable that version and upgrade immediately to version 2.69. ZachXBT said the number of affected users rose into the hundreds. He added that attackers siphoned funds across Bitcoin, Solana, and EVM-compatible networks. However, investigators said the precise technical root cause remained under review.
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb
Please note: Mobile-only users…
— Trust Wallet (@TrustWallet) December 25, 2025
Several users reported that importing a seed phrase triggered immediate wallet draining. Security researchers clarified that browser extensions run with high system permissions. These permissions include access to storage, cookies, and browsing. Attackers are able to steal sensitive credentials without initiating endpoint defenses when they are misconfigured. Consequently, attacks that rely on extensions cannot be detected early.
On-chain analysis showed that the attackers split the stolen funds across several addresses. Arkham-linked data suggested that exploiters used multiple wallets to receive assets. Shortly after, attackers moved portions of the funds across chains. Some assets later appeared to move toward centralized exchanges. Investigators said these steps often complicate tracing and recovery efforts.
In a separate industry incident, Balancer confirmed a major exploit earlier last month. Attackers drained more than $129 million from Balancer v2 liquidity pools. Blockchain security firms PeckShield and Spot On Chain flagged large vault outflows across several chains. The case revealed that there are persistent security threats in established DeFi platforms.
Company Response and Broader Security Context
Trust Wallet stated that mobile-only users and other extension versions were not affected. The company said customer support teams had contacted impacted users regarding next steps. Trust Wallet also advised users to avoid opening the extension until completing the update. Founder Changpeng Zhao said the company would cover verified losses. He added that user funds remained protected following the incident.
So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. 🙏
The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b
— CZ 🔶 BNB (@cz_binance) December 26, 2025
Meanwhile, other platforms have faced similar security issues in recent months. Arcadia Finance reported a breach on the Base blockchain. According to Cyvers, an attacker exploited Arcadia’s Rebalancer contract in under one minute. The attacker used swap data parameters to induce unauthorized asset transfers.
eToro Platform
Best Crypto Exchange
- Over 90 top cryptos to trade
- Regulated by top-tier entities
- User-friendly trading app
- 30+ million users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Advertisement
