Trust wallet hacked: Trust Wallet will cover roughly $7 million in losses tied to a Christmas Day exploit of its browser extension, Binance founder Changpeng Zhao (CZ) announced on social media platforms late Friday. The self‑custody wallet provider confirmed affected users will be reimbursed in full as the team investigates how the breach occurred.
The breach centered on a compromised version of Trust Wallet’s Chrome browser extension (version 2.68), which was distributed shortly before December 25 and subsequently led to unauthorized transfers of user funds. On‑chain investigators and community trackers reported that seed phrases and keys were harvested or accessed in minutes after victims installed the tainted extension. A follow‑up patch to version 2.69 was released quickly, with Trust Wallet urging all users of the impacted extension to disable it and upgrade immediately.
The incident highlights persistent supply‑chain and browser wallet vulnerabilities in the broader crypto ecosystem, as similar extension exploits have affected other wallet providers in recent years. Self‑custody solutions are prized for security and control, but this episode underscores how third‑party distribution vectors and browser integrations can introduce risk vectors. For broader market context on current crypto market trends and risks, see CoinDesk’s coverage of recent security incidents and wallet threats.
In a public post on X, CZ stated:
“So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. The team is still investigating how hackers were able to submit a new version.”
Trust Wallet’s official channels also posted updates clarifying that the breach was isolated to the specific extension release and did not impact the mobile app or other wallet versions. The team continues to monitor on‑chain movements of the stolen assets and coordinate with exchanges where some funds have been traced.
The pledge to reimburse the full $7 million elevates Trust Wallet’s commitment to users but also sets a notable precedent in how self‑custody platforms may respond to large‑scale breaches. While many decentralized wallet providers insist that users bear sole responsibility for securing private keys, Trust Wallet’s decision to cover losses — funded in part by parent company Binance’s Secure Asset Fund for Users (SAFU) — could influence expectations for future incident responses.
Security teams behind Trust Wallet have indicated plans to audit and harden distribution pipelines, including more stringent review processes for extension updates and cryptographic verification of release artifacts. Users are strongly advised to revoke approvals from the compromised extension, withdraw assets to trusted environments, and follow official upgrade instructions.
Market response to the hack has been mixed. Trust Wallet’s native token (TWT) experienced short‑term price volatility in the hours following the announcement, though broader crypto markets remained focused on year‑end liquidity and Bitcoin price movements. Industry observers note that while reimbursements help maintain user confidence, the event may spur renewed emphasis on alternative self‑custody mechanisms less reliant on browser extensions.
