{"id":92662,"date":"2025-12-26T09:40:37","date_gmt":"2025-12-26T06:40:37","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=92662"},"modified":"2025-12-29T11:02:23","modified_gmt":"2025-12-29T08:02:23","slug":"trust-wallet-users-suffer-7-million-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/trust-wallet-users-suffer-7-million-hack\/","title":{"rendered":"Trust Wallet Users Suffer $7 Million Hack"},"content":{"rendered":"<p>The Trust Wallet browser extension has fallen victim to a hacking attack, affecting hundreds of users and resulting in a total loss of $7 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We\u2019ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.<\/p>\n<p>Please refer to the official Chrome Webstore link here: <a href=\"https:\/\/t.co\/V3vMq31TKb\">https:\/\/t.co\/V3vMq31TKb<\/a><\/p>\n<p>Please note: Mobile-only users\u2026<\/p>\n<p>\u2014 Trust Wallet (@TrustWallet) <a href=\"https:\/\/twitter.com\/TrustWallet\/status\/2004316503701958786?ref_src=twsrc%5Etfw\">December 25, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On-chain detective ZachXBT was among the first to highlight the incident, suggesting that the latest Chrome wallet update might be the cause.<\/p>\n<p><script async src=\"https:\/\/telegram.org\/js\/telegram-widget.js?22\" data-telegram-post=\"investigations\/296\" data-width=\"100%\"><\/script><\/p>\n<p>A cybersecurity expert known as Akinator discovered malicious code in the upgrade. The script covertly transmitted wallet data to a phishing site, metrics-trustwallet\u2024com. The domain was registered days before the attack and is currently inaccessible.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">So here\u2019s what\u2019s happening :<\/p>\n<p>In the Trust Wallet browser extension code 4482.js<br \/>a recent update added hidden code that silently sends wallet data outside<br \/>It pretends to be analytics, but it tracks wallet activity and triggers when a seed phrase is imported<br \/>The data was sent to\u2026 <a href=\"https:\/\/t.co\/8kkMUkDYql\">pic.twitter.com\/8kkMUkDYql<\/a><\/p>\n<p>\u2014 Akinator | Testnet Arc (@0xakinator) <a href=\"https:\/\/twitter.com\/0xakinator\/status\/2004297673067704651?ref_src=twsrc%5Etfw\">December 25, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Trust Wallet emphasized that the attack affected only version 2.68 of the browser extension. The team urged users to upgrade to 2.69 and provided a step-by-step guide.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Follow the step-by-step guide soonest possible:<\/p>\n<p>Step 1: Do NOT open the Trust Wallet Browser Extension on your desktop device to ensure the security of your wallet and prevent further issues.<\/p>\n<p>Step 2: Go to Chrome Extensions panel in your Chrome browser by copying following to\u2026<\/p>\n<p>\u2014 Trust Wallet (@TrustWallet) <a href=\"https:\/\/twitter.com\/TrustWallet\/status\/2004381562377527702?ref_src=twsrc%5Etfw\">December 26, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Developers are investigating the causes of the incident.<\/p>\n<p>Binance founder and Trust Wallet owner Changpeng Zhao <a href=\"https:\/\/x.com\/cz_binance\/status\/2004397190819783013\">assured<\/a> that the project will fully compensate the losses.<\/p>\n<p>Analysts at Lookonchain identified the hacker&#8217;s addresses and noted that $4.2 million has already been transferred to ChangeNOW, FixedFloat, KuCoin, and HTX.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Trust Wallet(<a href=\"https:\/\/twitter.com\/TrustWallet?ref_src=twsrc%5Etfw\">@TrustWallet<\/a>) has been exploited, with hundreds of users affected and over $6.77M stolen so far.<\/p>\n<p>The hacker has already sent ~$4.25M to ChangeNOW, FixedFloat, KuCoin, and HTX.<\/p>\n<p>CZ(<a href=\"https:\/\/twitter.com\/cz_binance?ref_src=twsrc%5Etfw\">@cz_binance<\/a>) has stated that Trust Wallet will fully cover the losses.<\/p>\n<p>Check hacker\u2026 <a href=\"https:\/\/t.co\/6xjyOaxUEK\">pic.twitter.com\/6xjyOaxUEK<\/a><\/p>\n<p>\u2014 Lookonchain (@lookonchain) <a href=\"https:\/\/twitter.com\/lookonchain\/status\/2004432489042039144?ref_src=twsrc%5Etfw\">December 26, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Trust Wallet users are sharing their stories on social media. A user named yuna <a href=\"https:\/\/x.com\/yunaintern\/status\/2004338453215936515\">reported<\/a> that $300,000 was withdrawn from her wallet in just four minutes.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cI was returning from a family holiday. I wanted to check the markets, maybe find opportunities in the New Year dip. Instead, I opened my wallet and saw that $300,000 was gone. [\u2026] Everything I worked for. Stolen right on Christmas,\u201d she wrote.<\/em><\/p>\n<\/blockquote>\n<p>Earlier in December, the prediction platform Polymarket <a href=\"https:\/\/forklog.com\/en\/news\/polymarket-confirms-user-account-breach\">reported<\/a> a breach of user accounts due to a vulnerability with a third-party provider.<\/p>\n<p>Since the beginning of the year, hackers have <a href=\"https:\/\/forklog.com\/en\/news\/losses-from-crypto-hacks-reached-3-4bn-in-2025\">stolen<\/a> over $3.4 billion in cryptocurrency, according to Chainalysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Trust Wallet browser extension has fallen victim to a hacking attack, affecting hundreds of users and resulting in a total loss of $7 million.<\/p>\n","protected":false},"author":1,"featured_media":92663,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Trust Wallet browser extension hacked, $7M lost.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,44,776],"class_list":["post-92662","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-cybercrime","tag-trust-wallet"],"aioseo_notices":[],"amp_enabled":true,"views":"630","promo_type":"1","layout_type":"1","short_excerpt":"Trust Wallet browser extension hacked, $7M lost.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=92662"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92662\/revisions"}],"predecessor-version":[{"id":92664,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92662\/revisions\/92664"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/92663"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=92662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=92662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=92662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}