Trust Wallet has confirmed that roughly $7 million was impacted by a security incident tied to its browser extension — but says the problem was limited to a single release and that it will fully reimburse affected users.
What happened
- On December 26 Trust Wallet published an update saying the incident affected only Browser Extension version 2.68 (Chrome). Mobile users and other extension versions were not impacted.
- Blockchain investigator ZachXBT first flagged suspicious activity, and subsequent reporting suggested some wallets were drained shortly after users imported seed phrases into the compromised extension.
- Security developers later raised concerns that a recent update may have introduced malicious behaviour, prompting speculation about a potential supply‑chain compromise. Trust Wallet has not yet released technical root‑cause details but insists the impact was contained to v2.68.
Trust Wallet’s response
- The company confirmed “approximately $7M has been impacted and we will ensure all affected users are refunded,” calling support for impacted users its “top priority.”
- Affected users were urged to immediately disable the extension, avoid opening it, and manually update to the secure release — version 2.69.
- Trust Wallet warned users not to follow instructions or messages from channels that are not official, citing risk of secondary scams that attempt to exploit the situation.
- The team says it is finalising the refund process and will share instructions with impacted users as soon as possible, while continuing its investigation.
Why this matters
- The incident highlights the risks associated with browser extensions and the crypto software supply chain, where a single update can introduce vulnerabilities at scale.
- Even though Trust Wallet says the scope was limited, the event is one of the more significant wallet security disclosures during the year‑end period and has renewed calls for stricter review processes, transparency, and user caution.
What users should do now
- If you ran Browser Extension v2.68: do not open the extension, disable it via Chrome’s extension settings, and update manually to v2.69.
- Be wary of unsolicited messages or “help” instructions outside official Trust Wallet channels.
- As general best practice: never paste or import seed phrases into software you do not fully trust, and consider hardware wallets for large holdings.
Trust Wallet has pledged to keep users updated as the refund process and investigation progress.
Disclaimer: AMBCrypto’s content is informational and not investment advice. Trading, buying, or selling cryptocurrencies carries high risk; readers should do their own research. © 2025 AMBCrypto
Read more AI-generated news on: undefined/news
