Trust Wallet confirms hack, pledges to refund $7 million crypto stolen

Attackers injected malicious code into Chrome extension update (v2.68) to steal users' seed phrases.

Trust Wallet, the non-custodial crypto wallet owned by Binance, has confirmed a security breach affecting its Google Chrome browser extension that resulted in the theft of approximately $7 million in digital assets. The company has publicly committed to refunding all affected users.

The attack, which was linked to a compromised update released around Christmas Day, affected users of a specific version of the extension and has been widely reported by blockchain security firms like SlowMist and PeckShield.

Attach chain

The incident was traced to version 2.68 of the Trust Wallet Chrome extension. The breach did not affect the Trust Wallet mobile app or other browser extension versions.

Malicious code injection

Analysis by security experts revealed that malicious code was secretly inserted into the legitimate version 2.68 update. Trust Wallet CEO Eowyn Chen stated that the malicious extension was "NOT released through our internal manual process," suggesting a leaked Chrome Web Store API key was used to bypass standard security checks.

Seed phrase exfiltration

The inserted code was designed to execute once a user unlocked their wallet. It would iterate through all stored wallets, decrypt the encrypted mnemonic (seed phrase) using the user's password, and then exfiltrate the mnemonic phrase to an attacker-controlled server (api.metrics-trustwallet[.]com).

Assets stolen

The $7 million in stolen funds primarily included Bitcoin, Ethereum, and Solana, which were quickly moved and laundered through centralized exchanges (CEXs) and cross-chain bridges.

Trust Wallet's response and user action

Trust Wallet has since pushed an urgent update, version 2.69, to patch the vulnerability and has suspended the malicious domain.

Binance co-founder Changpeng Zhao (CZ) publicly assured users that Trust Wallet would cover all the losses from the hack. The company is actively finalizing the process for processing these refunds.

Mitigation and next steps

Trust Wallet urged all users of the affected Chrome extension:

• Immediately update to version 2.69.

• Do not open or use the extension until the update is complete if you are still on version 2.68.

• Transfer all funds from any affected wallet to a new wallet address generated with a new, never-before-used seed phrase.

The incident is a severe reminder of the persistent supply chain risks, particularly within the crypto ecosystem, where a single compromised software update can lead to catastrophic user losses.