Trust Wallet Vanishes from Chrome – $7M Hack Victims Stuck in Limbo as Claims Tool Remains Elusive
Trust Wallet's Chrome extension just went dark, leaving a trail of digital dust and $7 million in unresolved crypto losses. The platform's sudden disappearance from the web store isn't a glitch—it's a full retreat, pulling the plug on one of its most accessible gateways.
The Aftermath: A Waiting Game
Victims of last year's smart contract exploit are now staring at a void where a promised claims portal should be. The $7 million figure isn't just a statistic; it's a collective hole in portfolios, a sum now frozen in bureaucratic purgatory. The 'coming soon' notice for the reimbursement tool has started to feel less like a timeline and more like a mantra.
Security Theater or Strategic Reset?
Pulling the extension could be a drastic security overhaul—a scorched-earth policy to rebuild from a clean slate. Or, it's a containment move, cutting off a potential attack vector while the core team patches deeper vulnerabilities. Either way, it leaves users in the lurch, forced to migrate to mobile or desktop apps with zero warning.
The Finance Sector's Ironic Wink
Here's the cynical twist: in traditional finance, a $7 million loss would trigger regulators, insurance claims, and maybe a congressional hearing. In crypto? It's a Tuesday. The industry's 'move fast and break things' ethos often means users are left holding the broken pieces—and footing the bill while waiting for a fix that treats their funds like an afterthought.
Trust Wallet's silence isn't just inconvenient; it's a stark reminder that in the decentralized wild west, your security is only as strong as the platform's willingness to face its own failures head-on. The ball is in their court—victims are watching, wallets are empty, and trust is the real asset bleeding out.
while releasing a new version that includes a feature to help reimbursement claimants submit verification codes from their extension…
— Eowync.eth (@EowynChen) December 31, 2025
The delayed update was meant to introduce a verification feature designed to help victims of the Christmas Day hack confirm wallet ownership and submit reimbursement claims securely.
Chen said Google has acknowledged the issue and is escalating it internally, while warning users to stay alert for fake or impersonated versions of the extension circulating online.
Attackers Exploited Fake Trust Wallet Update to Steal Funds
The outage comes as Trust Wallet continues to manage the fallout from a security breach that began unfolding in late December.
On December 25, the company confirmed that a malicious version of its Chrome browser extension, version 2.68, had been distributed through the Chrome Web Store outside its normal release process.
The compromised extension allowed attackers to access sensitive wallet data and execute unauthorized transactions, leading to millions of dollars in losses.
Multiple Trust Wallet users experienced unauthorized fund outflows on Thursday due to a new browser extension theft. Losses are estimated to surpass $6 million.#TrustWallet #CryptoTheft #TrustWalletThefthttps://t.co/mchzwWAHK3
Trust Wallet’s internal investigation shows that only users who installed version 2.68 and logged into their wallets between December 24 and December 26 were affected.
Mobile app users, users on other extension versions, and those who installed or logged in after December 26 were not impacted.
The company said it identified 2,520 wallet addresses that were drained during the incident, with roughly $8.5 million in assets linked to 17 attacker-controlled wallets.
The wallet, though, noted that some of those attacker addresses also targeted wallets unrelated to Trust Wallet.
Security researchers later confirmed that the malicious build appeared legitimate and passed Chrome’s review process but contained hidden code capable of extracting recovery phrases.
Several users said simply importing a seed phrase into the extension triggered immediate fund outflows across multiple blockchains.
Trust Wallet Cleans Up Extension Hack; Flags Rise in Fake Compensation Scams
Trust Wallet traced the breach back to a wider supply chain attack known as Sha1-Hulud, which surfaced in November and affected multiple companies through compromised developer tooling.
The company said exposed GitHub secrets and a leaked Chrome Web Store API key allowed the attacker to upload the malicious extension directly, bypassing internal approval checks.
In response, Trust Wallet rolled back to a clean release, published version 2.69, and disabled compromised publishing credentials. It also declared a voluntary reimbursement scheme, which they promised to all those people who were found to be victims.
On December 29, it opened a formal claims process, where users are asked to provide wallet addresses, transaction hashes, and identifying information via an official support portal.
In its response to over 5,000 claims, the company indicated that it has been inundated with claims, given that the number of verified affected wallets is much lower, and it is a cause of concern that there could be duplicate or fake claims.
It is the cause of that discrepancy that led to the creation of another verification mechanism that was supposed to be provided with the next update of the browser extension, but was delayed by the Chrome Web Store problem.
The event continues to add to an increasing number of wallet-related escapades in the crypto industry.
Industry data shows that the proportion of personal wallet compromises has continued to increase as the share of stolen funds.
