Trust Wallet Browser Extension Security Incident

Trust Wallet confirms a $7M browser extension security incident, prompting urgent updates & renewed concerns over crypto wallet safety.


A security incident involving the Trust Wallet Browser Extension has resulted in approximately $7 million in losses, drawing renewed attention to the risks associated with browser-based crypto wallets. Trust Wallet confirmed that the issue affected only Browser Extension version 2.68, urging users to disable the extension immediately & upgrade to version 2.69, which the company has stated is secure. Mobile-only users & all other extension versions were not impacted.

While the incident was contained to a single version, its implications stretch far beyond Trust Wallet itself, touching on broader questions around wallet distribution, update security & user protection in the crypto ecosystem.

What Happened

According to Trust Wallet’s disclosure, a compromised version of its browser extension was distributed, exposing users who interacted with version 2.68 during the affected period. Although full technical details have not yet been released, the nature of the response suggests that attackers were able to exploit wallet interaction flows rather than the underlying blockchain protocols.

Browser extensions, particularly crypto wallets, operate with elevated permissions. They sit directly between users & decentralized applications, handling transaction signing, address approvals & session data. A single malicious update can therefore redirect funds, manipulate approval prompts, or deceive users into authorizing unintended transfers.

Follow the step-by-step guide soonest possible:

Step 1: Do NOT open the Trust Wallet Browser Extension on your desktop device to ensure the security of your wallet and prevent further issues.

Step 2: Go to Chrome Extensions panel in your Chrome browser by copying following to…
— Trust Wallet (@TrustWallet) December 26, 2025

The issue came to public attention after a blockchain investigator reported receiving a growing number of messages from affected users. This prompted calls for clarity on the scale of losses & whether compensation would be offered.

Trust Wallet acknowledged the situation & stated that its internal teams were investigating how the compromised version passed through the extension submission & review process.
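Because only version 2.68 was affected, a quick check across a machine's Chrome profiles shows which ones still hold that build. The following is an added example, not code from Trust Wallet or the original article; the extension ID is a placeholder (the page does not give it), and the path pattern assumes Chrome's usual on-disk layout for installed extensions.

```python
import json
import tempfile
from pathlib import Path

# Placeholder: the page does not give the extension's Chrome Web Store ID.
EXTENSION_ID = "a" * 32
AFFECTED_VERSIONS = {"2.68"}  # per the page; 2.69 is the stated fixed version


def installed_versions(user_data_dir, extension_id):
    """Yield (profile, version) for each on-disk copy of the extension.

    Assumed layout: <profile>/Extensions/<id>/<version>_<n>/manifest.json.
    The manifest's "version" field is read rather than the directory name.
    """
    pattern = f"*/Extensions/{extension_id}/*/manifest.json"
    for manifest in Path(user_data_dir).glob(pattern):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            version = data["version"]
        except (OSError, ValueError, KeyError, TypeError):
            version = "unreadable"  # malformed manifest: flag for manual review
        yield manifest.parents[3].name, version


def audit(user_data_dir, extension_id=EXTENSION_ID):
    """Return sorted (profile, version, status) rows for one user-data dir."""
    rows = []
    for profile, version in installed_versions(user_data_dir, extension_id):
        if version in AFFECTED_VERSIONS:
            status = "AFFECTED"
        elif version == "unreadable":
            status = "REVIEW"
        else:
            status = "ok"
        rows.append((profile, version, status))
    return sorted(rows)


def build_sample(root):
    """Constructed sample tree: one profile on 2.68 and one on 2.69."""
    for profile, version in (("Default", "2.68"), ("Profile 1", "2.69")):
        d = Path(root) / profile / "Extensions" / EXTENSION_ID / f"{version}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"version": version}))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit(build_sample(tmp)):
            print(*row, sep="\t")
```

The script only reads manifest files, so it does not require opening the extension itself.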

How the Attack Surface Emerged

The incident highlights a structural vulnerability common across browser-based wallets, i.e., distribution dependency. Unlike mobile apps or hardware wallets, browser extensions rely heavily on third-party marketplaces such as the Chrome Web Store.

While these platforms implement automated reviews & policy checks, they are not designed for adversarial environments where attackers actively attempt to bypass safeguards. For crypto wallets, this creates a unique risk. Even short-lived exposure to a compromised version can result in irreversible losses, since blockchain transactions cannot be rolled back once confirmed.

In recent years, attackers have increasingly shifted focus away from protocol-level exploits toward software supply-chain attacks, targeting the tools users trust to manage their assets rather than the blockchains themselves. The Trust Wallet incident fits squarely into this trend.

So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. 🙏

The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b
— CZ 🔶 BNB (@cz_binance) December 26, 2025
