- Trending
- Comments
- Latest
Trust Wallet confirmed a security breach in its browser extension on Thursday that drained over $6 million from hundreds of users, with attackers using malicious code to steal seed phrases and empty wallets across Bitcoin, Ethereum, and Solana.
Blockchain investigator ZachXBT first flagged the incident after tracking unauthorized fund outflows from multiple Trust Wallet users on Christmas Day. All victims had installed browser extension version 2.68, released Wednesday, before experiencing the theft.
“We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only,” Trust Wallet wrote on X. “Users with Browser Extension 2.68 should disable and upgrade to 2.69.”
Following the initial report, ZachXBT noted that the number of victims has risen to the hundreds, with over $6 million stolen in SOL, BTC and EVM tokens.
Arkham Intelligence data shows exploiters used several receiving addresses, moving funds across various wallets. Multiple blockchains were affected, including EVM-compatible networks, Bitcoin, and Solana.
Trust Wallet confirmed that only browser extension version 2.68 was compromised. Mobile wallet users and other browser extension versions were not impacted.
Several Trust Wallet users reported funds drained from their wallets within short time frames on December 25.
One user reported on X losing over $300,000 in a four-minute window. “Everything I’ve been building for. Stolen on Christmas Day,” the user wrote. However, ZachXBT later flagged that account as suspicious.
Reports indicate that importing or accessing a seed phrase in the compromised extension resulted in immediate wallet draining.
Trust Wallet released browser extension version 2.68 on Wednesday, which users installed through the Chrome Web Store’s standard update process.
The extension appeared legitimate but contained hidden code that intercepted users’ seed phrases and transmitted them to attacker-controlled servers, enabling immediate wallet drainage.
Browser extensions operate with elevated access to web pages, cookies, storage, and browsing activity. When compromised, they provide attackers access to credentials without triggering traditional security defenses.
More than 40 fake crypto wallet extensions were discovered stealing users’ keys and IP addresses earlier this year, according to security reports.
Trust Wallet released version 2.69 on Thursday as an emergency fix and urged users to update immediately.
“We understand how concerning this is, and our team is actively working on the issue. We’ll keep sharing updates as soon as possible,” the team wrote on X.
The company confirmed that customer support is contacting impacted users regarding next steps. Trust Wallet has not disclosed whether it will compensate affected users or whether law enforcement is involved.
Users who installed version 2.68 should disable the extension immediately, update to version 2.69, and consider their seed phrases compromised.
