Trust Wallet Chrome Plugin Under Attack as Users Report Massive Financial Losses

Trust Wallet users lost approximately $7 million in a devastating security breach affecting Chrome browser extension version 2.68.0, released on Christmas Eve 2025.

The attack compromised hundreds of wallets by injecting malicious code into the official extension update.

Blockchain investigator ZachXBT first identified the breach on December 24, reporting a sudden spike in unauthorized transactions from affected wallets.

Victims quickly flooded social media with reports of completely drained portfolios containing Ethereum, Bitcoin, Solana, and BNB.

https://twitter.com/0xakinator/status/2004273944694587785?ref_src=twsrc%5Etfw

One user documented a $300,000 loss that occurred within minutes of a routine wallet interaction.

Security researchers discovered the attack vector embedded within the compromised extension bundle.

A malicious JavaScript file disguised as legitimate PostHog analytics software activated when users imported seed phrases.

The obfuscated code silently transmitted recovery phrases and wallet credentials to api.metrics-trustwallet.com, a fraudulent domain registered days before the attack.

SlowMist security firm classified the incident as a supply-chain compromise, where attackers inserted malicious code during the development or distribution process.

The sophisticated operation extended beyond the extension itself, threat actors registered phishing domains such as fix-trustwallet.com, exploiting panicked users by offering fake security patches that demanded entry of the seed phrase for immediate wallet drainage.

Trust Wallet confirmed the breach on December 25, isolating the vulnerability to version 2.68.0 exclusively.

https://twitter.com/0xakinator/status/2004273944694587785?ref_src=twsrc%5Etfw

The company instructed users to immediately turn off the compromised extension and update to version 2.69 in Chrome’s developer mode. Desktop users faced exposure while mobile application users remained unaffected.

The organization is committed to full refunds for all victims. It warned against responding to unofficial direct messages claiming to offer support.

Binance co-founder Changpeng Zhao suggested potential insider involvement, raising questions about internal security protocols at the Binance-owned wallet provider.

This incident highlights critical supply-chain vulnerabilities in cryptocurrency browser extensions, where automatic updates can bypass user security reviews.

Cybersecurity experts recommend that affected users create entirely new wallets and abandon potentially compromised seed phrases.

With cryptocurrency hacking losses approaching $3 billion in 2025, this breach tests Trust Wallet’s commitment to user protection and platform security.

Follow us on Google News , LinkedIn and X to Get More Instant Updates, Set Cyberpress as a Preferred Source in Google.

The post Trust Wallet Chrome Plugin Under Attack as Users Report Massive Financial Losses appeared first on Cyber Security News.