Trust Wallet Faces Major Security Breach with Chrome Extension Update

window.litespeed_ui_events=window.litespeed_ui_events||["mouseover","click","keydown","wheel","touchmove","touchstart"];var urlCreator=window.URL||window.webkitURL;function litespeed_load_delayed_js_force(){console.log("[LiteSpeed] Start Load JS Delayed"),litespeed_ui_events.forEach(e=>{window.removeEventListener(e,litespeed_load_delayed_js_force,{passive:!0})}),document.querySelectorAll("iframe[data-litespeed-src]").forEach(e=>{e.setAttribute("src",e.getAttribute("data-litespeed-src"))}),"loading"==document.readyState?window.addEventListener("DOMContentLoaded",litespeed_load_delayed_js):litespeed_load_delayed_js()}litespeed_ui_events.forEach(e=>{window.addEventListener(e,litespeed_load_delayed_js_force,{passive:!0})});async function litespeed_load_delayed_js(){let t=[];for(var d in document.querySelectorAll('script[type="litespeed/javascript"]').forEach(e=>{t.push(e)}),t)await new Promise(e=>litespeed_load_one(t[d],e));document.dispatchEvent(new Event("DOMContentLiteSpeedLoaded")),window.dispatchEvent(new Event("DOMContentLiteSpeedLoaded"))}function litespeed_load_one(t,e){console.log("[LiteSpeed] Load ",t);var d=document.createElement("script");d.addEventListener("load",e),d.addEventListener("error",e),t.getAttributeNames().forEach(e=>{"type"!=e&&d.setAttribute("data-src"==e?"src":e,t.getAttribute(e))});let a=!(d.type="text/javascript");!d.src&&t.textContent&&(d.src=litespeed_inline2src(t.textContent),a=!0),t.after(d),t.remove(),a&&e()}function litespeed_inline2src(t){try{var d=urlCreator.createObjectURL(new Blob([t.replace(/^(?: )?$/gm,"$1")],{type:"text/javascript"}))}catch(e){d="data:text/javascript;base64,"+btoa(t.replace(/^(?: )?$/gm,"$1"))}return d} var litespeed_vary=document.cookie.replace(/(?:(?:^|.*;\s*)_lscache_vary\s*\=\s*([^;]*).*$)|^.*$/,"");litespeed_vary||fetch("/wp-content/plugins/litespeed-cache/guest.vary.php",{method:"POST",cache:"no-cache",redirect:"follow"}).then(e=>e.json()).then(e=>{console.log(e),e.hasOwnProperty("reload")&&"yes"==e.reload&&(sessionStorage.setItem("litespeed_docref",document.referrer),window.location.reload(!0))});

Unusual Blockchain Transfers Detected

Following the incident, blockchain researcher ZachXBT, known for tracking activities within the Blockchain, identified unusual transfers from many Trust Wallet addresses in a short period. Shared data revealed successive transactions post-update, transferring balances to different addresses within seconds.

Interestingly, the funds were not moved piece by piece but rather aggressively in a single motion. Bitcoin, Ethereum, and BNB assets were quickly cleared out in each instance, after which the funds were distributed to multiple intermediary addresses. Repeated redirect patterns observed within the blockchain transactions bolstered the possibility of a coordinated attack.

Claims of Losses Exceeding $4.3 Million

Current blockchain data associates at least $4.3 million worth of cryptocurrency with suspicious addresses. However, this figure is based solely on publicly available data and reported wallets, suggesting the actual losses could be higher. ZachXBT shared principal addresses where funds were compiled, emphasizing that these addresses withdrew assets from many compromised wallets and exhibited similar transaction patterns.

In response to these developments, the Trust Wallet team released an official statement on December 26, 2025, via X, highlighting that the issue stemmed from a security vulnerability affecting only the Trust Wallet Browser Extension 2.68 version. Users were advised to immediately disable the extension and upgrade to version 2.69. The team acknowledged the gravity of the situation and assured that an active investigation is ongoing.