Blockchain

Trust Wallet Chrome Extension Hack Drains Over $6.7M from Users

Crypto wallet provider Trust Wallet has confirmed a security incident affecting a specific version of its browser extension, after on-chain investigator ZachXBT estimated that attackers drained more than $6.77 million from users’ wallets so far. The incident has raised fresh concerns around browser-based wallet security at a time when crypto-related exploits continue to rise across the industry. The issue surfaced on Thursday after ZachXBT issued a public alert on Telegram, warning that multiple Trust Wallet users had reported sudden and unauthorized fund transfers.

According to the investigator, users saw their balances disappear within minutes, with no signs of gradual withdrawals. Many reports appeared shortly after Trust Wallet rolled out an update to its Chrome browser extension. Further, as per Lookonchain, the hacker has sent about $4.25 million to ChangeNOW, FixedFloat, KuCoin, and HTX. Trust Wallet later confirmed on X that the incident impacted Browser Extension version 2.68.

The company urged users to immediately upgrade to version 2.69 and advised those still on the affected version to disable the extension until the update is complete. “Users with Browser Extension 2.68 should disable and upgrade to 2.69,” Trust Wallet said, adding that mobile-only users and other extension versions were not affected.

Several user reports claimed that funds vanished immediately after importing seed phrases into the updated extension 2.68. On-chain data reviewed by ZachXBT showed rapid transfers involving Bitcoin, Ethereum, and Solana, with funds routed through multiple receiving addresses in a consistent pattern. The activity concentrated in the hours following the update rollout, suggesting a narrow but impactful attack window.

According to publicly available blockchain information, ZachXBT found several addresses that were being paid by hundreds of affected wallets. Early estimates placed losses above $6 million, while visible on-chain transfers accounted for at least $4.3 million. The final figure could rise as more victims come forward. Trust Wallet said it is actively investigating the issue but has not publicly disclosed the root cause or whether the extension update directly enabled the exploit. As of press time, the company has not announced recovery options or mitigation measures beyond upgrading the extension.

Binance Co-Founder Changpeng Zhao (CZ) addressed the incident on X, saying “So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused.” He added that, “The team is still investigating how hackers were able to submit a new version.”

The Trust Wallet incident raises the issue of increasing risks associated with browser extensions, which typically deal with private keys and seed phrases. In contrast to smart contract exploits, wallet-level attacks may result in immediate and irreparable losses, and users have little to do about it.

The incident is also part of a larger trend of increasing crypto theft. According to Chainalysis estimates, attackers stole more than $3.41 billion in cryptocy between January and early December this year, slightly higher than last year’s total. Many of these incidents involved phishing attacks, compromised third-party services, or wallet vulnerabilities.

Decentralized prediction platform Polymarket, earlier this week, verified that a recent hack was a result of a vulnerability in a third-party authentication provider, and not its own systems. There, the attackers emptied user accounts following the use of external login infrastructure, which highlights the importance of dependencies that are not part of core platforms in creating severe risks.

The combination of these events demonstrates that wallet providers and crypto platforms are still appealing targets, despite the absence of direct protocol failures. The Trust Wallet case contributes to the existing discussions on user security, extension-based wallets, and the necessity of more robust protection of the crypto ecosystem as a whole

Terron Gold

Next Bitcoin Sits Out Santa Rally as Stocks and Precious Metals Set Records »

Previous « 'Bitcoin Rodney' Faces Decades in Prison as Feds Add Wire Fraud to HyperFund Charges

Published by

Terron Gold

Tags: chrome extensionhackersTrust WalletZachXBT

4 months ago

Candy Digital Announces Migration to Solana as NFT Platform Repositions for Long Term Growth

NFT platform Candy Digital has announced plans to migrate its digital collectibles ecosystem to the Solana blockchain, signaling…

6 hours ago

U.S. Regulation

US Military Runs Bitcoin Node for National Security Testing, Admiral Tells Congress

The U.S. military has confirmed it is actively running a Bitcoin node as part of national security research, while…

6 hours ago

Web3 Gaming

Over 90% of Web3 Games Failed After $15 Billion Boom as Players Never Showed Up

The Web3 gaming sector is facing a harsh reality check as new data reveals that more…

7 hours ago

Market Watch

Justin Sun Sues Trump Linked World Liberty Financial Over Frozen Crypto Assets

Justin Sun, founder of TRON, has filed a federal lawsuit against World Liberty Financial, a crypto venture…

9 hours ago

Market Watch

Tether Freezes $344 Million in USDT on Tron After Wallets Flagged by U.S. Authorities

Tether has frozen approximately $344 million in USDT on the Tron blockchain after the wallets were flagged by U.S. authorities, marking…

10 hours ago

U.S. Regulation

Kalshi Fines and Suspends Three Congressional Candidates for Betting on Their Own Elections

Prediction market platform Kalshi has fined and suspended three U.S. congressional candidates after determining they engaged in “political…

11 hours ago