Trust Wallet is a decentralized application used by over 200 million people to manage various digital assets like Bitcoin and Ethereum. Originally launched in 2017 and later acquired by the Binance exchange, it provides users with mobile apps and browser extensions for cryptocurrency storage. A recent security failure occurred when version 2.68.0 of its Chrome extension was compromised, allowing hackers to inject malicious JavaScript code into the software.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
The breach occurred on December 24, 2025, when attackers successfully pushed the tainted version through the Chrome Web Store. According to company officials, the hackers likely utilized a leaked API key to bypass the internal manual review process that usually governs new releases. This allowed the malicious file to pass through Google’s automated checks and reach thousands of unsuspecting users who updated their extensions during the holiday period.
In the aftermath of the discovery, Trust Wallet advised its entire user base to immediately update to version 2.69 to prevent further unauthorized access. To stabilize the situation, the company expired all existing release APIs, effectively freezing any new updates for a two-week period. They also worked with domain registrars to shut down the specific servers that the attackers were using to collect stolen wallet information.
Despite these defensive measures, the attackers pivoted to social engineering tactics to exploit the confusion surrounding the hack. They created fraudulent websites designed to look like official Trust Wallet pages, tricking users into providing their private recovery seed phrases under the guise of a mandatory security update. This secondary phase of the attack aimed to drain even more funds from users who were already concerned about their digital security.
The company continues to investigate the full extent of the API key leak while emphasizing the importance of user vigilance against phishing. While the technical vulnerability in the extension has been addressed, the financial loss to the community stands at approximately 7 million dollars. Users are reminded that legitimate wallet providers will never ask for a recovery phrase to perform a software update or security patch.
Source: Trust Wallet Says 2596 Wallets Drained In 7 Million Crypto Theft Attack Worldwide