Trust Wallet Users Lose $6M in Christmas Day Extension Breach

Key Highlights

  • According to ZachXBT, over $6 million was drained from hundreds of Trust Wallet users on December 25, following a compromised update to the wallet’s Chrome browser extension
  • The theft was allegedly caused by malicious code inserted into the official extension update, version 2.68
  • The wallet service provider has confirmed the incident, clarifying that mobile-only users and all other browser extension versions are not impacted. 

On Christmas Day, a major security breach hit Trust Wallet, a popular cryptocurrency wallet. On December 25, on-chain investigator ZachXBT shared a post on Telegram detailing unauthorized fund outflows from Trust Wallet accounts.

He estimated total losses at over $6 million, affecting many users across various blockchains, including Ethereum, Bitcoin, and Solana.

In the post, ZachXBT shared a list of crypto wallet addresses linked to the hacker.

Trust Wallet Compromised After New Chrome Extension Update

ZachXBT said, “While the exact root cause has not been determined, coincidentally the Trust Wallet Chrome extension pushed a new update yesterday.”

The breach was linked to the Trust Wallet browser extension for Google Chrome. An update to version 2.68, released on December 24, is believed to have contained malicious code. The attack is classified as a supply-chain compromise, where a trusted software update is secretly tampered with. 

In this case, harmful JavaScript code was inserted. The code activated when users imported their secret recovery phrase, the string of words that controls access to the funds.

This sensitive data was then sent to a fake website designed to look like Trust Wallet’s official infrastructure. Once the attacker had the seed phrases, they could empty the wallets at will, moving funds rapidly through multiple addresses to hide their trail.

Trust Wallet Hack

(Source: Trust Wallet on X)

In response, Trust Wallet officially acknowledged that the security incident occurred on December 25. The company confirmed that the problem was limited to browser extension version 2.68 and that users of the mobile app and other extension versions were not affected.

Trust Wallet has asked all users to immediately disable the version 2.68 extension. It advised users to upgrade directly from the official Chrome Web Store to the patched version 2.68. The company stated that its team is actively investigating the security breach and promised to provide further updates.

As of now, the wallet service provider has not issued a statement on compensation for affected users.
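A defender's check for the advice above, as an added example that is not part of the original article or any Trust Wallet tooling: it walks a Chrome profile's `Extensions` directory (laid out as `<extension id>/<version>_0/manifest.json`) and reports installed builds whose display name contains "Trust Wallet" and whose manifest version is 2.68. Matching by name rather than by extension ID, the exact version string, and the placeholder IDs in the constructed sample tree are assumptions.

```python
import json
import re
from pathlib import Path

AFFECTED_NAME = "trust wallet"  # assumption: match on display name, case-insensitively
AFFECTED_VERSION = "2.68"       # version the article reports as compromised

def display_name(version_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if m:
        path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            return name
        for key, entry in messages.items():  # Chrome matches message keys case-insensitively
            if key.lower() == m.group(1).lower():
                return str(entry.get("message", name))
    return name

def find_affected(extensions_root):
    """Return (extension_id, version) for each installed build matching name and version."""
    hits = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip rather than abort the sweep
        name = display_name(manifest_path.parent, manifest).lower()
        if AFFECTED_NAME in name and str(manifest.get("version")) == AFFECTED_VERSION:
            hits.append((manifest_path.parent.parent.name, manifest["version"]))
    return hits

def build_sample_profile(root):
    """Constructed sample tree; extension IDs are placeholders, not real Chrome IDs."""
    samples = [
        ("placeholder-id-a", {"name": "__MSG_appName__", "version": "2.68", "default_locale": "en"}),
        ("placeholder-id-b", {"name": "Trust Wallet", "version": "2.67"}),
        ("placeholder-id-c", {"name": "Some Other Extension", "version": "2.68"}),
    ]
    for ext_id, manifest in samples:
        locale_dir = Path(root) / ext_id / (manifest["version"] + "_0") / "_locales" / "en"
        locale_dir.mkdir(parents=True)
        (locale_dir / "messages.json").write_text(json.dumps({"appname": {"message": "Trust Wallet"}}))
        (locale_dir.parents[1] / "manifest.json").write_text(json.dumps(manifest))
    return root
```

On a real machine, pass the `Extensions` directory of each Chrome profile to `find_affected`; `build_sample_profile` only creates the constructed test tree.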

According to ZachXBT, estimated losses remain at over $6 million. The event clearly highlights the risk associated with browser extensions, which operate with high levels of permission inside a web browser. 

Users are advised to revoke any token approvals granted by the compromised wallet, monitor their transaction history using blockchain explorers, and, if affected, move their assets to a new wallet with a freshly generated seed phrase. 

Cyber experts are advising users to use hardware wallets or switch to official mobile applications until the situation is fully resolved. 

Crypto Wallets Become Soft Target For Cyber Attackers

For many years, crypto wallets have been a soft target for wrongdoers. These security breaches rarely involve hacking the main wallet software itself. Instead, attackers use methods like phishing, malware, and supply-chain exploits to steal user credentials.

MetaMask, the leading Ethereum wallet, has been a frequent target of phishing campaigns. In 2021, scammers used paid Google advertisements to promote fake websites that mimicked MetaMask and Phantom, another popular wallet. These fake sites deceived users into entering their seed phrases, resulting in massive losses.

These attacks have also affected hardware wallets: the leading hardware wallet provider, Ledger, was involved in a major 2023 incident. In this incident, a former employee’s compromised credentials were used to insert malicious code into a widely used software library called the Ledger Connect Kit. This breach affected the web interfaces of decentralized applications like Zapper and SushiSwap.

As the crypto sector grows rapidly, so do cyberattacks. According to mid-year data from the blockchain analytics firm Chainalysis, over $2.17 billion was stolen in just the first six months of the year. This figure has already surpassed the total for all of 2024. 

Written by Rajpalsinh Parmar