The Trust Wallet Chrome extension recently faced a significant security breach, highlighting the vulnerabilities associated with browser-based cryptocurrency wallets. On December 25, on-chain investigator ZachXBT revealed unauthorized fund outflows from Trust Wallet accounts, attributing over $6 million in losses to a suspected supply-chain attack.
What Happened?
According to ZachXBT, multiple users reported funds disappearing from their wallet addresses shortly after the release of the Trust Wallet Chrome extension update, version 2.68, on December 24. The breach involved malicious JavaScript code embedded within the update, which was activated when users imported their highly sensitive recovery phrases. These details were then transmitted to a fake website mimicking Trust Wallet’s official interface, allowing attackers to gain unrestricted access to funds.
Extent of the Damage
The breach reportedly affected users across multiple blockchains, including Ethereum, Bitcoin, and Solana. By moving stolen assets rapidly across various wallet addresses, the attackers succeeded in concealing their tracks. As of now, the estimated losses from this incident stand at over $6 million.
Trust Wallet’s Response
Trust Wallet officially acknowledged the security breach and confirmed that the issue was confined to version 2.68 of their browser extension. Users with the mobile app or alternative extension versions were unaffected. The company promptly advised users to disable the compromised extension and install the updated version directly from the official Chrome Web Store. They are currently conducting an in-depth investigation but have not announced any compensation plans for affected users.
Security Tips for Cryptocurrency Users
This breach serves as a stark reminder of the risks involved in browser-based cryptocurrency wallets, which often operate with elevated permissions. To safeguard your digital assets, consider the following safety measures:
- Revoke token approvals from the compromised wallet immediately.
- Monitor your transaction history using blockchain explorers.
- Transfer assets to a new wallet with a freshly generated recovery phrase.
- Use a hardware wallet such as the Ledger Nano X for enhanced security.
- Prefer official mobile wallet apps over browser extensions until the issue is fully resolved.
The Growing Threat of Crypto Cyberattacks
As cryptocurrency adoption surges, so does the number of cyberattacks targeting these platforms. Supply-chain attacks, phishing scams, and malware are increasingly sophisticated, exploiting vulnerabilities to steal user credentials and funds. Recent reports from blockchain analytics firm Chainalysis indicate that over $2.17 billion was stolen through similar methods in the first half of 2025 alone, underscoring the urgency for heightened security measures.
Final Thoughts
While platforms like Trust Wallet and MetaMask offer convenience, they come with inherent risks. Users must remain vigilant, stay informed, and employ advanced security protocols to protect their crypto assets. As the industry evolves, new tools and education will become crucial in mitigating these threats.
