Trust Wallet has reported that hackers who infiltrated its browser extension shortly before Christmas managed to steal around $7 million from close to 3,000 cryptocurrency wallets.

This wallet service, utilized by over 200 million individuals according to its official claims, enables users to securely store, send, receive, and manage a variety of cryptocurrencies including Bitcoin, Ethereum, and Solana, via a browser extension as well as free mobile applications for iOS and Android.

Established in 2017, Trust Wallet was bought by Binance, one of the largest cryptocurrency exchanges globally, in the following year. Even post-acquisition, it functions independently as a decentralized wallet application.

As reported by BleepingComputer, the breach on December 24 resulted in approximately $7 million being pilfered from the hacked wallets. This incident occurred after the release of version 2.68.0 of its Chrome extension, which was compromised to include a harmful JavaScript file that extracted sensitive wallet information.

Trust Wallet confirmed the hack following an inquiry from BleepingComputer and urged users to promptly update to version 2.69 to prevent further thefts.

“The compromised extension v2.68 was NOT distributed through our standard internal procedures. Our current investigations indicate it was likely published externally via a compromised Chrome Web Store API key, circumventing our usual release protocols,” explained CEO Eowyn Chen.

“Preliminary findings (still being investigated): It appears that the hackers leveraged a leaked Chrome Web Store API key to submit the malicious extension v2.68, which passed through Chrome Web Store’s review process and was made public on December 24, 2025, at 12:32 UTC.”

In reaction to this incident, Trust Wallet has invalidated all release APIs to prevent any new versions from being published over the subsequent two weeks. Furthermore, they reported the malicious domain involved in the data exfiltration to NiceNIC, the domain registrar, which took swift action to suspend it.

Despite these measures, as found by BleepingComputer, the attackers escalated their efforts, launching a phishing campaign that exploited the panic surrounding the incident. This campaign involved a website masquerading as Trust Wallet, prompting users to enter their wallet recovery seed phrases under the guise of receiving an “important scheduled security update.”

​Thousands of Crypto Wallets Affected

Since then, Trust Wallet has disclosed that approximately 3,000 wallets were affected by the theft, and it has committed to reimbursing all impacted users.

“To date, we have identified 2,596 wallet addresses at risk. This figure reflects around 5,000 claims we’ve received, pointing to a notable number of fraudulent or duplicate submissions made by individuals attempting to access reimbursements,” Chen stated on Monday.

“Given this situation, verifying wallet ownership is crucial to guarantee that funds return to their rightful owners. Our team is working diligently to verify claims by combining various data points to separate legitimate victims from malicious actors.”

Concurrently with the investigation, Trust Wallet has commenced the reimbursement process for affected users, requesting their contact details, the compromised wallet addresses, the hacker’s address, and the transaction hashes associated with the theft via a dedicated claim form. Users are cautioned against sharing “any private keys, seed phrases, or passwords.”

“To initiate the compensation process, affected users should please fill out this form: https://be-support.trustwallet.com to facilitate the case processing. Our support team is prioritizing victims of this incident and has already begun reviewing submissions,” the company stated.

“We sincerely apologize for the frustration and disruption this situation has caused. We are working relentlessly to finalize details for the compensation process, as each case necessitates careful verification for accuracy and security.”

Trust Wallet cautioned users about ongoing scams, including imposters posing as support personnel on platforms like Telegram and circulating fraudulent compensation forms.

Moreover, Trust Wallet advised users to always verify the authenticity of links, refrain from sharing their recovery phrases, and utilize only official communication channels for Trust Wallet.

Broken IAM isn’t just an IT problem – the impact ripples across your whole business.

This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.

Get the guide