Quick Takeaways
- Over $7 million was stolen from hundreds of Trust Wallet users due to a security breach in the Chrome extension version 2.68.0, triggered by malicious code injected during the recent update.
- The attack involved a compromised JavaScript file that discreetly exfiltrated wallet seed phrases and sensitive data when users imported their seed phrases, sending the info to a malicious domain.
- Attackers used phishing domains mimicking Trust Wallet to trick users into revealing seed phrases, leading to quick, targeted asset drains across major cryptocurrencies like ETH, BTC, SOL, and BNB.
- Trust Wallet confirmed the incident, recommended users disable the compromised extension, upgrade to version 2.69, and warned of supply-chain vulnerabilities that can auto-update malicious code, emphasizing the need for vigilant security practices.
Problem Explained
Recently, a serious security breach affected Many Trust Wallet users. On December 24, 2025, a new Chrome browser extension update (version 2.68.0) was released. Soon after, a surge of unauthorized transfers drained over $7 million from users’ wallets. Blockchain investigator ZachXBT first detected these suspicious outflows on social media platform X, highlighting the rapid loss following user interactions with the compromised extension. Victims shared evidence of their wallets being emptied—some losing hundreds of thousands of dollars within minutes. The attack targeted both ETH, BTC, SOL, and BNB holdings and was linked to a supply-chain compromise, where malicious code was secretly injected into the extension during its update. Researchers found a hidden JavaScript file, masquerading as legitimate analytics, that silently stole seed phrases when users imported their wallet data. The attacker also used phishing domains to falsely assure users of security fixes, tricking them into revealing seed phrases, and increasing the theft. Trust Wallet acknowledged the breach, traced it specifically to the problematic extension version, and urged users to disable it and upgrade to a safer version. Overall, this incident reveals how automatic updates can be exploited in supply-chain attacks, endangering thousands of users and their digital assets.
Risks Involved
The recent hacking of the TrustWallet Chrome extension, which caused users to lose millions, highlights a serious risk that any business relying on digital tools faces today. If your business uses browser extensions, wallets, or third-party integrations, hackers could exploit vulnerabilities and create devastating financial losses. Such breaches can damage your reputation, cause legal issues, and shake customer trust. Moreover, the financial impact can be substantial, draining resources needed for growth or innovation. Consequently, neglecting security measures makes your business vulnerable to similar attacks, risking operational continuity. Therefore, it’s crucial to prioritize robust security protocols and continuously monitor digital assets to safeguard your business from these evolving threats.
Possible Remediation Steps
In cases like the TrustWallet Chrome Extension hack, prompt remediation is crucial to minimize financial losses, protect user assets, and restore confidence in the platform’s security measures.
Containment Measures
Quickly isolate affected systems or accounts to prevent further exploitation.
Incident Investigation
Conduct a thorough forensic analysis to understand the breach origin and scope.
Communication Protocols
Alert affected users promptly, providing guidance on protective steps and updates.
Patch and Update
Develop and deploy security patches to close vulnerabilities exploited during the attack.
Credential Reset
Require users to change passwords and regenerate keys to prevent ongoing access.
Enhanced Monitoring
Implement real-time surveillance to identify unusual activity early.
Security Improvements
Strengthen authentication processes, such as multi-factor authentication, and improve code review procedures.
Documentation and Reporting
Maintain detailed incident reports for compliance and future prevention strategies.
Stay Ahead in Cybersecurity
Explore career growth and education via Careers & Learning, or dive into Compliance essentials.
Access world-class cyber research and guidance from IEEE.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
