Trust Wallet Chrome Extension Hacked: $7M Stolen in Christmas Day Supply-Chain Attack

TLDR:

• Malicious code in Trust Wallet Chrome extension version 2.68 stole seed phrases and drained $7 million total.
• Individual victims lost between $50,000 and $800,000 across Bitcoin, Ethereum, and Solana blockchain networks.
• Binance co-founder CZ confirmed Trust Wallet will reimburse all affected users and cover the complete $7M loss.
• Users must avoid version 2.68 and upgrade to version 2.69 immediately; mobile wallets remained unaffected.

Trust Wallet suffered a major security breach on December 25 when malicious code infiltrated version 2.68 of its Chrome browser extension. 

The attack compromised user seed phrases and resulted in approximately $7 million in cryptocurrency losses across Bitcoin, Ethereum, and Solana networks. 

Binance co-founder Changpeng Zhao confirmed that affected users would receive full reimbursement for their losses.

Supply Chain Attack Targets Browser Extension Users

The breach occurred through a supply-chain attack that specifically targeted Trust Wallet’s Chrome extension update. Malicious actors injected code designed to steal seed phrases, which are crucial security elements that grant access to cryptocurrency holdings. 

Once compromised, these phrases allowed hackers to authorize transfers and drain funds from affected wallets.

On-chain investigators ZachXBT and Lookonchain tracked the stolen funds and confirmed their movement to various cryptocurrency exchanges. Individual losses ranged from $50,000 to $800,000 per victim. 

The timing of the attack, coinciding with the Christmas holiday, raised concerns about the coordinated nature of the breach.

Trust Wallet’s development team acted quickly upon discovering the compromise. The company released version 2.69 of the extension within hours and urged all users to upgrade immediately. 

Mobile wallet users and those using other browser extensions remained unaffected by the security incident.

Binance Pledges Full Coverage of User Losses

Changpeng Zhao, commonly known as CZ, addressed the incident through social media platforms. He stated that Trust Wallet would cover all losses incurred by affected users. His message emphasized that user funds remained secure despite the breach. 

CZ acknowledged the inconvenience caused while investigations continued into how the compromised version gained approval.

The wallet team issued urgent warnings advising users to avoid opening version 2.68 entirely. Instead, users should download and install version 2.69 immediately to protect their holdings. 

The company stressed that only Chrome extension users who updated to the compromised version faced potential exposure.

This incident reflects broader trends in cryptocurrency security challenges. According to Chainalysis, crypto theft reached $6.75 billion in 2024. 

Personal wallet compromises increased dramatically from 64,000 incidents in the previous year to 158,000 cases. However, the proportion of total stolen funds from personal wallets decreased from 44% to 20%.

Investigations remain ongoing to determine how hackers successfully submitted the malicious update through official channels. 

The breach highlights vulnerabilities in software distribution systems that cryptocurrency platforms must address. Trust Wallet continues working with security experts to prevent similar attacks in the future.

The post Trust Wallet Chrome Extension Hacked: $7M Stolen in Christmas Day Supply-Chain Attack appeared first on Blockonomi.