Trust Wallet Chrome Extension Hack Drains Over $6M from Users: ZachXBT
Key Highlights Trust Wallet confirmed a security incident tied to its browser extension version 2.68, with estimated losses exceeding $6.77 million. On-chain data shows rapid fund drains across Bitcoin,...
Key Highlights
- Trust Wallet confirmed a security incident tied to its browser extension version 2.68, with estimated losses exceeding $6.77 million.
- On-chain data shows rapid fund drains across Bitcoin, Ethereum, and BNB wallets shortly after the extension update.
- The incident adds to rising crypto theft concerns, following similar breaches linked to wallet and third-party service vulnerabilities.
Crypto wallet provider Trust Wallet has confirmed a security incident affecting a specific version of its browser extension, after on-chain investigator ZachXBT estimated that attackers drained more than $6.77 million from users’ wallets so far.
The incident has raised fresh concerns around browser-based wallet security at a time when crypto-related exploits continue to rise across the industry.
The issue surfaced on Thursday after ZachXBT issued a public alert on Telegram, warning that multiple Trust Wallet users had reported sudden and unauthorized fund transfers.
— ZachXBT (@zachxbt) December 25, 2025Yes $6M+ stolen at minimum from hundreds of Trust Wallet users.
Hopefully they will offer compensation to everyone if it’s determined they’re at fault for the incident.
It’s difficult to map out since there’s many theft addresses.
Here’s my list so far below:
EVM…
According to the investigator, users saw their balances disappear within minutes, with no signs of gradual withdrawals. Many reports appeared shortly after Trust Wallet rolled out an update to its Chrome browser extension.
Further, as per Lookonchain, the hacker has sent about $4.25 million to ChangeNOW, FixedFloat, KuCoin, and HTX.
Extension update linked to sudden wallet drains
Trust Wallet later confirmed on X that the incident impacted Browser Extension version 2.68. The company urged users to immediately upgrade to version 2.69 and advised those still on the affected version to disable the extension until the update is complete.
“Users with Browser Extension 2.68 should disable and upgrade to 2.69,” Trust Wallet said, adding that mobile-only users and other extension versions were not affected. Several user reports claimed that funds vanished immediately after importing seed phrases into the updated extension 2.68.
— Trust Wallet (@TrustWallet) December 25, 2025We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb
Please note: Mobile-only users…
On-chain data reviewed by ZachXBT showed rapid transfers involving Bitcoin, Ethereum, and Solana, with funds routed through multiple receiving addresses in a consistent pattern. The activity concentrated in the hours following the update rollout, suggesting a narrow but impactful attack window.
On-chain data shows multi-million dollar impact
According to publicly available blockchain information, ZachXBT found several addresses that were being paid by hundreds of affected wallets.
Early estimates placed losses above $6 million, while visible on-chain transfers accounted for at least $4.3 million. The final figure could rise as more victims come forward.
Trust Wallet said it is actively investigating the issue but has not publicly disclosed the root cause or whether the extension update directly enabled the exploit. As of press time, the company has not announced recovery options or mitigation measures beyond upgrading the extension.
CZ reacts to Trust Wallet hack
Binance Co-Founder Changpeng Zhao (CZ) addressed the incident on X, saying “So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused.”
He added that, “The team is still investigating how hackers were able to submit a new version.”
Why this incident matters
The Trust Wallet incident raises the issue of increasing risks associated with browser extensions, which typically deal with private keys and seed phrases. In contrast to smart contract exploits, wallet-level attacks may result in immediate and irreparable losses, and users have little to do about it.
The incident is also part of a larger trend of increasing crypto theft. According to Chainalysis estimates, attackers stole more than $3.41 billion in cryptocurrency between January and early December this year, slightly higher than last year’s total.
Many of these incidents involved phishing attacks, compromised third-party services, or wallet vulnerabilities.
Similar breaches raise broader security concerns
Decentralized prediction platform Polymarket, earlier this week, verified that a recent hack was a result of a vulnerability in a third-party authentication provider, and not its own systems.
There, the attackers emptied user accounts following the use of external login infrastructure, which highlights the importance of dependencies that are not part of core platforms in creating severe risks.
The combination of these events demonstrates that wallet providers and crypto platforms are still appealing targets, despite the absence of direct protocol failures.
The Trust Wallet case contributes to the existing discussions on user security, extension-based wallets, and the necessity of more robust protection of the crypto ecosystem as a whole.
Also Read: 2025 Crypto Hacks Hit $6.5B as Stolen Funds Jump 51% Yearly
Delegate Your Voting Power to FEED DRep in Cardano Governance.
DRep ID: drep12ukt4ctzmtf6l5rj76cddgf3dvuy0lfz7uky08jfvgr9ugaapz4 | We are driven to register as a DRep by our deep dedication to the Cardano ecosystem and our aspiration to take an active role in its development, ensuring that its progress stays true to the principles of decentralization, security, and community empowerment.DELEGATE VOTING POWER!
