Trust Wallet to Cover $7M Lost in Christmas Day Extension Hack
On December 25, 2025, Trust Wallet—a widely used non-custodial crypto wallet owned by Binance—was hit by a Christmas Day security breach that resulted in an estimated $7 million in cryptocurrency losses for users. The exploit targeted version 2.68 of the Trust Wallet Chrome browser extension, where malicious code was injected into the software update process, enabling attackers to capture sensitive seed phrases and drain funds across multiple chains, including Bitcoin, Ethereum, and Solana.
What Happened?
The incident, widely investigated by on-chain sleuths and cybersecurity researchers, has been described as a supply-chain attack—a form of exploit where trusted software is compromised before reaching users. Attackers were able to publish a malicious version of the extension that silently harvested wallets’ seed phrases when users unlocked or imported them. Trust Wallet later confirmed the breach affected only the compromised extension, and mobile app users were not impacted.
Trust Wallet’s Response
In the aftermath of the hack, Binance co-founder Changpeng Zhao (CZ) took to social media to reassure the community that user funds are secure under the Secure Asset Fund for Users (SAFU) and that Trust Wallet will fully reimburse affected users for their losses, covering the approximate $7 million total. The team has urged all affected users to disable version 2.68 immediately and upgrade to version 2.69 available via the official Chrome Web Store.
Industry Reaction and Security Concerns
The hack has sparked renewed debate around the security of browser-based wallets and the risks inherent in auto-deploying extension updates. Some security experts have even raised the possibility of insider involvement, given the attacker’s apparent familiarity with Trust Wallet’s codebase and access to publish a compromised extension build.
Despite the swift response and reimbursement pledge, the incident serves as a stark reminder that crypto security remains an evolving challenge, particularly for desktop extensions and supply-chain vectors. Users are strongly advised to keep software up to date, enable additional security measures, and consider hardware wallets for large holdings to minimize risks.
I am Pawan Kashyap currently living in Amritsar. I always try to grab new things from the cryptocurrency market. From my observations and trends in the market, I always try to provide the best and accurate information in the form of articles from this blog. Follow us on Facebook, Instagram, and Twitter to join us.
