The Trust Wallet browser extension has fallen victim to a hacking attack, affecting hundreds of users and resulting in a total loss of $7 million.
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb
Please note: Mobile-only users…
— Trust Wallet (@TrustWallet) December 25, 2025
On-chain detective ZachXBT was among the first to highlight the incident, suggesting that the latest Chrome wallet update might be the cause.
A cybersecurity expert known as Akinator discovered malicious code in the upgrade. The script covertly transmitted wallet data to a phishing site, metrics-trustwallet․com. The domain was registered days before the attack and is currently inaccessible.
So here’s what’s happening :
In the Trust Wallet browser extension code 4482.js
a recent update added hidden code that silently sends wallet data outside
It pretends to be analytics, but it tracks wallet activity and triggers when a seed phrase is imported
The data was sent to… pic.twitter.com/8kkMUkDYql— Akinator | Testnet Arc (@0xakinator) December 25, 2025
Trust Wallet emphasized that the attack affected only version 2.68 of the browser extension. The team urged users to upgrade to 2.69 and provided a step-by-step guide.
Follow the step-by-step guide soonest possible:
Step 1: Do NOT open the Trust Wallet Browser Extension on your desktop device to ensure the security of your wallet and prevent further issues.
Step 2: Go to Chrome Extensions panel in your Chrome browser by copying following to…
— Trust Wallet (@TrustWallet) December 26, 2025
Developers are investigating the causes of the incident.
Binance founder and Trust Wallet owner Changpeng Zhao assured that the project will fully compensate the losses.
Analysts at Lookonchain identified the hacker’s addresses and noted that $4.2 million has already been transferred to ChangeNOW, FixedFloat, KuCoin, and HTX.
Trust Wallet(@TrustWallet) has been exploited, with hundreds of users affected and over $6.77M stolen so far.
The hacker has already sent ~$4.25M to ChangeNOW, FixedFloat, KuCoin, and HTX.
CZ(@cz_binance) has stated that Trust Wallet will fully cover the losses.
Check hacker… pic.twitter.com/6xjyOaxUEK
— Lookonchain (@lookonchain) December 26, 2025
Trust Wallet users are sharing their stories on social media. A user named yuna reported that $300,000 was withdrawn from her wallet in just four minutes.
“I was returning from a family holiday. I wanted to check the markets, maybe find opportunities in the New Year dip. Instead, I opened my wallet and saw that $300,000 was gone. […] Everything I worked for. Stolen right on Christmas,” she wrote.
Earlier in December, the prediction platform Polymarket reported a breach of user accounts due to a vulnerability with a third-party provider.
Since the beginning of the year, hackers have stolen over $3.4 billion in cryptocurrency, according to Chainalysis.