- The Extension v2.68 breach led to $7M in losses across BTC, Solana, and EVM due to seed theft.
- Researchers flagged 4482.js code and a suspicious domain, raising supply-chain concerns.
- Trust Wallet pushed a v2.69 fix, urged users to disable the extension, and pledged compensation.
Trust Wallet confirmed a security breach tied to its browser extension, leading to widespread unauthorized crypto outflows. The incident affected users who installed version 2.68 shortly before Christmas, according to Trust Wallet statements on X. Hackers exploited the update, extracted seed phrases, and drained around $7 million across Bitcoin, Solana, and EVM networks.
Notably, the breach did not affect mobile-only users or other extension versions, the company said. However, the timing, scale, and speed of losses intensified concern across the self-custody community.
Extension Update Linked to Fast Wallet Drains
Trust Wallet released a browser extension update on December 24 through standard browser distribution channels. Soon after, users reported missing funds, with transactions occurring within minutes of wallet access. Several victims stated drains followed immediately after importing seed phrases into the extension.
Notably, on-chain investigator ZachXBT issued an after receiving multiple independent user reports. He later stated that hundreds of wallets were affected, with initial losses exceeding $6 million. Subsequent tracking showed funds moving through multiple receiving addresses, according to Arkham data.
Meanwhile, affected blockchains included Bitcoin, Solana, and several EVM-compatible networks. This multi-chain impact suggested a wallet-level compromise rather than a single protocol exploit. As reports spread on X and Telegram, scrutiny quickly shifted toward the extension update itself.
Code Analysis Raises Supply-Chain Concerns
Following the s, independent researchers examined the extension’s updated codebase. According to shared analyses, a JavaScript file, identified as 4482.js, contained newly added logic. Researchers alleged the code was activated during seed phrase imports.
Notably, the code appeared to transmit data to a domain labeled metrics-trustwallet[.]com. Community researchers observed that the domain was registered only days earlier, then went offline. However, these findings came from third-party analysis, not an official audit.
Meanwhile, Trust Wallet acknowledged a “security incident” affecting browser extension version 2.68 only. The company advised users to disable the extension immediately and upgrade to version 2.69. Trust Wallet stated that the update fixed the issue and urged users to download only from official stores.
Related: Hyperliquid Says Former Employee Was Behind HYPE Shorting
User Impact, Response, and Ongoing Investigation
Several users publicly detailed losses during the Christmas holiday. One user reported losing over $300,000 within a four-minute window after returning from Christmas. Others claimed losses ranging from thousands to hundreds of thousands of dollars.
Trust Wallet stated its support team contacted affected users regarding the next steps. Additionally, Binance founder Changpeng Zhao confirmed Trust Wallet would cover verified losses. “So far, $7m affected by this hack,” Zhao wrote, adding that user funds remain SAFU.
Notably, Zhao owns Trust Wallet, which Binance acquired in 2018. The company did not name the attacker and said the incident was caused by an issue involving a third party. Investigations are still ongoing as researchers track the remaining funds and impacted wallets.
The incident happened during a wider increase in crypto thefts throughout 2025. According to Chainalysis estimates, crypto theft exceeded $3.41 billion year-to-date. The Trust Wallet breach added to growing concerns around browser-based wallet security.
Trust Wallet reiterated that mobile users remained unaffected throughout the incident. The company continued posting updates as investigations progressed. Meanwhile, users were urged to avoid importing seed phrases into browser extensions.
The Trust Wallet browser extension breach happened after a December 24 update, which led to wallets being drained quickly. Investigators tied losses of around $7 million to version 2.68, impacting users on Bitcoin, Solana, and EVM networks. Trust Wallet released fixes, confirmed plans to compensate affected users, and is still working with those impacted.
