Trust Wallet Suffers Critical Security Breach via Chrome Extension

A major security breach has struck Trust Wallet users following an update to its Chrome browser extension. After the rollout of version 2.68.0, users reported their cryptocurrency holdings being drained rapidly—within minutes of entering recovery phrases on the compromised extension. The security breach affected balances across Bitcoin, Ethereum, and BNB, with preliminary estimates suggesting losses in the millions. This incident has reignited serious concerns about the inherent risks of browser-based cryptocurrency storage solutions.

Coordinated Attack Drains Multiple Wallets

Blockchain researcher ZachXBT uncovered suspicious transaction patterns that revealed the organized nature of the breach. Following the extension update, numerous Trust Wallet addresses experienced unexpected outflows in rapid succession. Rather than gradual fund transfers, attackers moved entire balances in single aggressive transactions to intermediary addresses within seconds.

The blockchain analysis showed a clear modus operandi: attackers targeted specific asset holdings (Bitcoin, Ethereum, and BNB), completely emptying each wallet and then routing the stolen funds through multiple layers of addresses. The consistency of these transaction patterns across dozens of compromised wallets strongly suggests this was a coordinated and systematic attack rather than isolated incidents.

What made this security breach particularly concerning was the speed of execution. Once users entered their seed phrases into the malicious extension, the compromise was nearly instantaneous, leaving little opportunity for intervention or detection by monitoring systems.

Losses Tracked to $4.3 Million and Beyond

Available blockchain data traces at least $4.3 million in cryptocurrency moving from compromised wallets to suspicious addresses associated with the attackers. However, this figure represents only publicly tracked transactions and reported incidents. Security researchers believe the actual scale of the security breach may be substantially larger, with additional unreported losses from users who haven’t yet disclosed their compromised status.

ZachXBT identified key intermediary addresses where stolen funds accumulated before being dispersed further. The analysis revealed these addresses withdrew assets from numerous compromised wallets and displayed virtually identical transaction signatures, reinforcing the evidence of centralized coordination behind the attack.

Swift Response and Recovery Measures

Recognizing the gravity of the situation, the Trust Wallet development team moved quickly to contain the breach. On December 26, 2025, they issued an official statement clarifying that the security vulnerability was isolated to the Chrome Extension version 2.68.0. The team immediately advised users to disable the compromised extension and upgrade to version 2.69, which included critical security patches.

The official disclosure acknowledged the severity of the security breach while emphasizing that an active investigation was underway to identify the root cause and prevent similar incidents. The rapid patch deployment—upgrading from 2.68.0 to 2.69—represented a prompt attempt to limit further exposure.

This incident underscores the persistent vulnerability inherent in browser-based cryptocurrency management. While browser extensions offer convenience, they also present a larger attack surface compared to hardware wallets or offline storage solutions. As the cryptocurrency industry continues to mature, the security breach affecting Trust Wallet serves as another reminder of the critical importance of using multiple security layers and considering the trade-offs between accessibility and protection when managing digital assets.