Trust Wallet Vows To Cover $7M Lost In Christmas Day Hack, CZ Confirms
Trust Wallet just made a $7 million promise—and the crypto world is watching.
The Holiday Heist
A Christmas Day breach hit the popular self-custody wallet. The details are still emerging, but the result was clear: users lost millions.
The Billion-Dollar Pledge
In a swift move, the company behind the wallet pledged to cover the full $7 million in losses. The announcement came straight from Binance founder Changpeng Zhao, adding heavyweight credibility to the promise.
Trust in the Balance
This isn't just about reimbursing funds. It's a high-stakes play to protect the most valuable asset in crypto: user confidence. When a platform that champions 'your keys, your crypto' gets compromised, the fallout is more than financial.
The industry has seen exchanges collapse and protocols evaporate, leaving users holding the bag. This pledge is a direct counter-narrative—a bet that honoring security failures can build more trust than pretending they never happen. It's a refreshing, if expensive, dose of accountability in a space that sometimes treats user funds like a venture capitalist's play money.
Zhao Confirms User Refunds After Trust Wallet Hack
Binance co-founder Changpeng Zhao addressed the public about the hack following reports of a breach. Trust Wallet will refund all users affected and take a hit for the losses, he said. Zhao admitted that the hack was a very serious breach and that rebuilding users’ trust was crucial in a time when crypto security is increasingly coming under scrutiny.
So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. 🙏
The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b
Additional analysis revealed that the Trust Wallet Hack had been actively ongoing since the beginning of December. Yu Xian, cofounder of blockchain security firm SlowMist, disclosed the exploit was not carried out until December 8. On December 22, they managed to inject a harmful backdoor into the extension. Money was then moved out on Christmas Day, with the breach eventually discovered there.
The malicious code did not just drain down digital assets. Investigators found out that the code of the malicious attack also collected personal user information, which was posted to servers controlled by the attacker. According to ZachXBT, a blockchain researcher, the attack affected hundreds of users, which suggests that it did not affect a small number of victims.
The industry has serious concerns over the execution of the exploit. The attacker was able to pass a modified version of the extension via official distribution platforms. This made some professionals doubt the possibility of internal access being a factor.
Experts Flag Possible Insider Role in Trust Wallet Breach
Anndy Lian, who serves as an intergovernmental blockchain adviser, described the event as very peculiar and believed there was a high chance of insider involvement. Zhao subsequently claimed that the hack was most likely done with insider information.
Slowmist Xian noted that the attacker also showed a DEEP understanding of Trust Wallet’s source code. That familiarity also served to provide the backdoor with legitimacy, thus avoiding an early detection. Security experts say the issue reflects vulnerabilities in internal review processes and systems that approve updates.
The Trust Wallet Hack is one of several cryptocurrency wallet thefts in 2025. Personal wallet hacks have made up about 37% of the value lost in stolen cryptocurrency this year, not including the $1.4 billion Bybit hack in February, according to Chainalysis. Though the Trust Wallet losses were not as large as in some previous attacks, they point again to ongoing risks.
Industry leaders warn that the breach serves as another reminder to continuously monitor crypto security. Star Xu, the founder of OKX, said that these types of incidents demonstrate that security work is never done, and even trusted platforms can be vulnerable if proper precautions are not taken.
