Trust Wallet to reimburse $7 million after extension exploit
Trust Wallet confirmed a security breach in its browser extension that led to roughly $7 million in user losses on Christmas Day. The incident affected users running extension version 2.68 on desktop platforms. Trust Wallet advised an immediate upgrade to version 2.89 to mitigate further risk. Binance co-founder Changpeng Zhao (CZ) announced that the lost funds will be covered, providing a temporary backstop for affected customers.
How the breach unfolded and the role of a backdoor
Security researchers from SlowMist say the attack appears to have been planned well in advance. Yu Xian, SlowMist co-founder, reported that preparations began around December 8, a backdoor was implanted on December 22, and funds were actively transferred on December 25. The malicious update not only drained crypto balances but also exported sensitive personal information to an attacker-controlled server, raising significant concerns about user privacy and credential exposure.

[Figure: Crypto hack volume over time and personal wallet hack proportion, with a 2025 adjustment scenario for the Bybit hack.]
On-chain investigator ZachXBT estimated that "hundreds" of Trust Wallet users were impacted.
Insider suspicions and supply-chain implications
Observers in the crypto community flagged indicators that suggest insider access or compromised processes. The attacker was reportedly able to publish a new version of the extension on the Trust Wallet website and displayed detailed knowledge of the extension's source code, leading experts like Anndy Lian and industry voices to label an insider-assisted attack as "highly likely." SlowMist's analysis reinforced this assessment, noting that the attacker implemented a targeted backdoor designed to harvest user data and private keys.
Industry context: wallet security and theft trends
Wallet exploits remain a major threat in decentralized finance and self-custody. Chainalysis data shows that personal wallet compromises made up a substantial portion of stolen crypto value in 2025 (excluding a large Bybit incident), highlighting the ongoing vulnerability of browser and extension-based wallets. While $7 million is a significant loss for retail users, it is smaller than some recent high-profile personal wallet incidents — for example, the Axie Infinity co-founder reported roughly $9.7 million in Ether stolen in early 2024.

Immediate steps for users and recommendations
Users should update Trust Wallet extensions to the advised 2.89 release immediately, revoke suspicious approvals, and move funds to cold storage or a fresh wallet if any compromise is suspected. Enable hardware wallets for large holdings and use rigorous operational security: verify extension sources, avoid installing unverified builds, and monitor on-chain activity. For exchanges and wallet providers, the incident underscores the need for hardened release controls, supply-chain security audits, and internal access monitoring.
Trust Wallet serves a large user base, and the incident will likely prompt renewed scrutiny of browser-extension risks, insider threat detection, and the broader security posture across the crypto ecosystem. Binance's decision to cover losses may reduce immediate financial harm to users, but the event reinforces that robust security practices remain essential for protecting crypto assets and private keys.
Source: cointelegraph
Comments
labcore
I've seen a supply chain mess like this at a startup, dev keys leaked, patch came too late. Move coins, rotate keys, use hw wallets if big. quick
blocktone
CZ stepping in feels like a band-aid. If insiders pushed that update, who really lost control? weird timing, Xmas too.