What Happened
A widespread security breach targeting the Trust Wallet Chrome browser extension has resulted in more than $7 million in cryptocurrency being stolen from hundreds of user wallets, according to on-chain analyses and official updates from the wallet provider. The incident emerged after a routine update to version 2.68 of the extension was rolled out in late December.
Users who installed the compromised update reported rapid, unauthorized withdrawals from their wallets, often within minutes of importing their seed phrases into the extension. Affected assets spanned multiple networks, including Bitcoin, Ethereum, Solana and other EVM-compatible tokens, indicating that the exploit was not limited to a single chain or asset type. Preliminary tracking data shows that at least hundreds of wallets were drained, with malicious transactions moving stolen funds through a network of receiving addresses shortly after the update was installed.
Wallet security investigators trace the breach to hidden malicious code embedded in the version 2.68 release, which appears to have siphoned sensitive wallet data and enabled unauthorized transaction signing. The compromised code reportedly redirected wallet interactions to a phishing domain designed to harvest seed phrases before transferring assets to attacker-controlled addresses.
CZ Addresses the Incident
Former Binance CEO Changpeng Zhao (CZ) later addressed the breach publicly, confirming that approximately $7 million in user funds was affected.
In a post on X, Zhao said Trust Wallet will fully compensate impacted users, adding that “user funds are SAFU.” He acknowledged the disruption caused by the incident and said the team is still investigating how attackers were able to submit a malicious version of the Chrome extension. His statement aimed to reassure users while underscoring the seriousness of the breach.
Why It Matters
This breach highlights significant risks associated with browser-based wallet extensions, which operate with elevated privileges and broad access to user data. Unlike mobile or hardware wallets, browser extensions sit within web environments that can be exposed to malicious scripts, supply-chain compromises, or unauthorized code injection during routine updates.
The attack underlines the potential for supply chain vulnerabilities in self-custody tools, where users trust both the provider and the update mechanism. When a routine update is compromised, users may inadvertently expose private keys or sign transactions without realizing it. This type of exploit can be especially damaging because wallet interactions often occur without additional verification beyond entering the seed phrase or approving a request.
The timing of the incident, around a major holiday period, likely contributed to slower detection and response among affected users. Many victims reported discovering losses only after returning to their devices, underscoring how quickly automated exploits can drain accounts.
Response and Remediation
Trust Wallet’s team quickly acknowledged the incident and identified the vulnerability as affecting only browser extension version 2.68. Users were strongly urged to disable that version immediately and update to version 2.69, which includes security patches intended to prevent further unauthorized access. The wallet provider noted that mobile apps and other extension versions were not impacted by the breach.
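One way to check a workstation for the affected build, as an added example that is not Trust Wallet's tooling or code from this article: it walks a Chrome profile's Extensions directory, resolves each extension's display name, and flags any whose name contains "Trust Wallet" at version 2.68, returning its declared permissions for review. The name match, the profile path passed in, and treating any 2.68.x build as affected are assumptions.

```python
import json
from pathlib import Path

AFFECTED = (2, 68)          # version the article names as compromised
NAME_HINT = "trust wallet"  # assumption: matched against the manifest display name


def _display_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" manifest name via _locales."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = manifest.get("default_locale", "en")
        msgs = ext_dir / "_locales" / locale / "messages.json"
        try:
            data = json.loads(msgs.read_text(encoding="utf-8-sig"))
            for k, v in data.items():
                if k.lower() == key:  # message keys are case-insensitive
                    return v.get("message", name)
        except (OSError, ValueError, AttributeError):
            pass  # unreadable locale file: fall back to the raw name
    return name


def inventory(profile_dir):
    """Yield one record per installed extension version in a Chrome profile."""
    # Layout: <profile>/Extensions/<extension id>/<version dir>/manifest.json
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # skip manifests that cannot be read or parsed
        yield {
            "id": mf.parent.parent.name,
            "name": _display_name(mf.parent, manifest),
            "version": manifest.get("version", ""),
            "permissions": manifest.get("permissions", [])
            + manifest.get("host_permissions", []),
        }


def affected(profile_dir):
    """Return records whose name matches and whose version begins with 2.68."""
    hits = []
    for ext in inventory(profile_dir):
        parts = tuple(int(p) for p in ext["version"].split(".") if p.isdigit())
        if NAME_HINT in ext["name"].lower() and parts[:2] == AFFECTED:
            hits.append(ext)
    return hits
```

Pass the profile directory, for example `~/.config/google-chrome/Default` on Linux; a non-empty result from `affected()` means that profile still carries the 2.68 build and should be moved to 2.69.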
The founder and principal backer of the project publicly stated that the platform will compensate all affected users for their losses. This commitment to reimburse victims may help mitigate backlash and maintain trust among the broader user base, but it also raises questions about how self-custody platforms handle liability and customer protection when software vulnerabilities are exploited.
Security researchers continue to investigate how malicious code bypassed quality checks and made its way into an official update channel, as this attack technique resembles a supply chain compromise rather than a simple phishing link or user error. Analysts caution that similar vectors remain viable threats across other wallet extensions if proper safeguards are not enforced.
Broader Implications for Wallet Security
The Trust Wallet incident adds to a pattern of high-profile security breaches in the crypto ecosystem that exploit software distribution mechanisms rather than direct protocol flaws. Because self-custody wallets give users full control over their keys and assets, any compromise at the software layer can lead to irreversible losses, as blockchain transactions cannot be rolled back once executed.
Experts recommend that users consider storing significant assets in more secure environments, such as hardware wallets or trusted mobile clients, and avoid entering seed phrases into browser extensions unless absolutely necessary. Reviewing permissions regularly, revoking unused access, and monitoring for unusual activity are also advised to reduce exposure to similar attacks.