Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / CryptotimesIO /
Trust Wallet Chrome Extension Hack: Over $6M Drained from Users, Reports ZachXBT

Trust Wallet Chrome Extension Hack: Over $6M Drained from Users, Reports ZachXBT

Author:
CryptotimesIO
Published:
2025-12-26 00:55:21
7
3

Another day, another crypto wallet gets a multimillion-dollar haircut.

The Breach

A security flaw in the Trust Wallet browser extension opened the digital vault for attackers. The exploit didn't need fancy phishing—it bypassed standard protections and went straight for the funds. Over $6 million in user assets vanished before anyone could hit the brakes.

The Aftermath

Blockchain investigator ZachXBT sounded the alarm, tracing the digital breadcrumbs across wallets. The incident throws cold water on the 'self-custody is safest' mantra—turns out, your security is only as strong as the extension's weakest line of code. It's a stark reminder that in crypto, you're not just your own bank; you're also the entire cybersecurity department.

The Takeaway

This hack cuts through the noise of bullish price predictions. While traders chase the next ATH, foundational security tools are crumbling. It's the finance sector's classic irony: building skyscrapers on sand. Until the industry prioritizes ironclad security over speculative hype, these multi-million dollar 'withdrawals' will keep happening—just not to the account holders.

Extension update linked to sudden wallet drains

Trust Wallet later confirmed on X that the incident impacted Browser Extension version 2.68. The company urged users to immediately upgrade to version 2.69 and advised those still on the affected version to disable the extension until the update is complete.

“Users with Browser Extension 2.68 should disable and upgrade to 2.69,” Trust Wallet said, adding that mobile-only users and other extension versions were not affected. Several user reports claimed that funds vanished immediately after importing seed phrases into the updated extension 2.68. 

We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.

Please refer to the official Chrome Webstore LINK here: https://t.co/V3vMq31TKb

Please note: Mobile-only users…

— Trust Wallet (@TrustWallet) December 25, 2025

On-chain data reviewed by ZachXBT showed rapid transfers involving Bitcoin, Ethereum, and Solana, with funds routed through multiple receiving addresses in a consistent pattern. The activity concentrated in the hours following the update rollout, suggesting a narrow but impactful attack window.

On-chain data shows multi-million dollar impact

According to publicly available blockchain information, ZachXBT found several addresses that were being paid by hundreds of affected wallets.

Early estimates placed losses above $6 million, while visible on-chain transfers accounted for at least $4.3 million. The final figure could rise as more victims come forward.

Trust Wallet said it is actively investigating the issue but has not publicly disclosed the root cause or whether the extension update directly enabled the exploit. As of press time, the company has not announced recovery options or mitigation measures beyond upgrading the extension.

CZ reacts to Trust Wallet Hack

Binance founder Changpeng Zhao (CZ) addressed the incident on X, saying “So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused.”

He added that, “The team is still investigating how hackers were able to submit a new version.”

Why this incident matters

The Trust Wallet incident raises the issue of increasing risks associated with browser extensions, which typically deal with private keys and seed phrases. In contrast to smart contract exploits, wallet-level attacks may result in immediate and irreparable losses, and users have little to do about it.

The incident is also part of a larger trend of increasing crypto theft. According to Chainalysis estimates, attackers stole more than $3.41 billion in cryptocurrency between January and early December this year, slightly higher than last year’s total. 

Many of these incidents involved phishing attacks, compromised third-party services, or wallet vulnerabilities.

Similar breaches raise broader security concerns

Decentralized prediction platform Polymarket, earlier this week, verified that a recent hack was a result of a vulnerability in a third-party authentication provider, and not its own systems.

There, the attackers emptied user accounts following the use of external login infrastructure, which highlights the importance of dependencies that are not part of Core platforms in creating severe risks.

The combination of these events demonstrates that wallet providers and crypto platforms are still appealing targets, despite the absence of direct protocol failures.

The Trust Wallet case contributes to the existing discussions on user security, extension-based wallets, and the necessity of more robust protection of the crypto ecosystem as a whole.

Also Read: 2025 Crypto Hacks Hit $6.5B as Stolen Funds Jump 51% Yearly

    

Google News

mobile only image

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved

All articles reposted on this platform are sourced from public networks and are intended solely for the purpose of disseminating industry information. They do not represent any official stance of BTCC. All intellectual property rights belong to their original authors. If you believe any content infringes upon your rights or is suspected of copyright violation, please contact us at [email protected]. We will address the matter promptly and in accordance with applicable laws.BTCC makes no explicit or implied warranties regarding the accuracy, timeliness, or completeness of the republished information and assumes no direct or indirect liability for any consequences arising from reliance on such content. All materials are provided for industry research reference only and shall not be construed as investment, legal, or business advice. BTCC bears no legal responsibility for any actions taken based on the content provided herein.