Security Flaw in Trust Wallet Browser Extension Results in $7 Million Losses
Approximately $7 million disappeared from Trust Wallet user wallets following an incident related to the service’s browser extension. The issue was discovered in late December when the platform’s security team identified anomalous activity across multiple accounts. The flaw specifically affected version 2.68 of the browser extension, compromising the security of funds for hundreds of users.
Changpeng Zhao, co-founder of Binance (the parent company of Trust Wallet), publicly confirmed that all losses will be reimbursed to affected users. The quick response from management signaled a commitment to protecting investors.
Incident Affects Browser Extension, But Other Platforms Remain Secure
When malicious software gains access to a cryptocurrency wallet’s browser extension, it can approve transfers of funds that the owner never authorized. The incident was initially flagged by on-chain analyst ZachXBT, who posted an alert in the community warning about unauthorized withdrawals.
“A number of Trust Wallet users reported that funds were withdrawn from their addresses in recent hours,” ZachXBT stated. “While the exact cause is still under investigation, the browser extension released an update during the same period.”
It is important to note that users on mobile devices and other versions of the browser extension were not affected. The vulnerability was limited to the specific version released for computers.
How the Flaw Compromised User Funds
Cryptocurrency wallets operate by storing private keys that authorize transactions. When malicious actors gain access to the compromised browser extension, they can bypass security layers and execute transfers to addresses controlled by criminals.
Trust Wallet’s team immediately advised users not to open version 2.68 and to update to version 2.69, which fixes the vulnerability. This type of situation highlights the inherent risks of browser extensions as interfaces between users and digital assets.
Data Reveals Accelerated Growth in Personal Wallet Attacks
The 2025 figures paint a concerning picture for the security of personal wallets. According to a Chainalysis report, cryptocurrency thefts reached $6.75 billion that year. Even more alarming is the surge in individual compromises, which rose to 158,000 cases from 64,000 the previous year.
Although the total amount stolen from personal wallets accounts for only 20% of total losses (down from 44% in previous periods), the growing trend of targeted attacks on individual users worries industry analysts.
Protection Measures and Official Response
Trust Wallet’s response was swift. The platform issued an official statement instructing the community on necessary actions. Besides the mandatory browser extension update, management is working to identify all affected accounts and process reimbursements.
Changpeng Zhao reaffirmed the commitment to fully compensate affected users, demonstrating the priority given to restoring trust in the platform. This incident underscores the importance of keeping browser extensions up to date and monitoring for anomalous activity in digital wallets.
For users managing cryptocurrencies via browser extensions, it is recommended to regularly verify installed versions, enable two-factor authentication when available, and consider using hardware wallets for larger holdings.
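One way to carry out the version check recommended above, as an added example that is not code from Trust Wallet or from this article: it reads the `version` field of each installed copy of an extension and classifies it against the affected (2.68) and fixed (2.69) versions named here. It assumes the Chromium on-disk layout `<profile>/Extensions/<id>/<version>_<n>/manifest.json`; `EXTENSION_ID` is a placeholder because the article does not give the store ID, and the sample profile is constructed.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = (2, 68)  # version the article names as affected
FIXED = (2, 69)     # version the article names as the fix
# Placeholder: the article does not give the extension's store ID.
EXTENSION_ID = "PLACEHOLDER_EXTENSION_ID"


def parse_version(text):
    """Turn a manifest version such as '2.68' or '2.68.0' into a tuple of ints."""
    return tuple(int(part) for part in text.split("."))


def audit_profile(profile_dir, extension_id=EXTENSION_ID):
    """Return a (version, status) pair for each installed copy of the extension."""
    # Assumed layout: <profile>/Extensions/<id>/<version>_<n>/manifest.json
    findings = []
    ext_root = Path(profile_dir) / "Extensions" / extension_id
    for manifest in sorted(ext_root.glob("*/manifest.json")):
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
            parsed = parse_version(version)
        except (ValueError, KeyError, TypeError, AttributeError, OSError):
            findings.append((manifest.parent.name, "unreadable"))
            continue
        if parsed[:2] == AFFECTED:  # assumption: any 2.68.x build counts as affected
            status = "affected"
        elif parsed >= FIXED:
            status = "fixed"
        else:
            status = "other"  # a version the article does not name
        findings.append((version, status))
    return findings


def build_sample_profile(root, versions):
    """Create a constructed profile tree for the demo (not real user data)."""
    for v in versions:
        d = Path(root) / "Extensions" / EXTENSION_ID / f"{v}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"version": v}), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp, ["2.67", "2.68", "2.69"])
        print(audit_profile(tmp))
```

Point `audit_profile` at a real browser profile directory and substitute the extension's actual ID to audit a workstation; a copy reported as `affected` should be updated before the extension is opened.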