Trust Wallet says it will reimburse users about $7M after Chrome extension hack

Trust Wallet representatives said they will reimburse users for losses tied to an incident involving the wallet’s Google Chrome browser extension. Changpeng Zhao (CZ), Binance co-founder and the owner of Trust Wallet, estimated the total damage so far at roughly $7 million.

CZ added that the team is still trying to determine how an attacker was able to publish a new version of the product to the extension store.

The issue surfaced late Dec. 25 into early Dec. 26, after users began reporting unauthorized withdrawals. Onchain investigator ZachXBT said he received messages from multiple victims within hours, and that the number of affected users could reach into the hundreds. The Lookonchain account posted an estimate of “at least $6 million” in losses around the time of the first updates.

Trust Wallet said the incident affected only the Chrome extension, specifically version 2.68, and was limited to desktop users. The company advised users not to open the extension until updating and to move to the patched version 2.69 through an official source. Trust Wallet added that, based on its current assessment, the mobile app and other extension versions were not impacted.

Security researchers said the attack may have been prepared in advance and resembles a supply-chain incident, where malicious code makes its way into a software update.

SlowMist co-founder Yu Xian said the preparation may have started on Dec. 8, the “backdoor” may have been inserted on Dec. 22, and the outflows began on Christmas. SlowMist also warned that the malicious logic may have done more than facilitate theft, potentially collecting user data and sending it to an attacker-controlled server.

As more details circulated, some in the crypto community raised the possibility of insider involvement. CZ publicly agreed that an insider scenario appears plausible.

What are users being advised to do?

  • Check the Trust Wallet extension version in Chrome and, if needed, update to 2.69 via the official store/extension panel.
  • Do not enter your seed phrase on third-party websites and do not trust “urgent fixes” shared on social media.
  • If you suspect compromise, move any remaining funds to a new wallet secured by a new seed phrase.
