Multi-chain crypto wallet provider Trust Wallet has confirmed a security breach, with early estimates putting losses at over $6 million. The issue came to light on Thursday after blockchain security expert ZachXBT flagged a series of unauthorized fund outflows affecting Trust Wallet users.
What linked all the affected users was the same action: they had recently installed the new Trust Wallet browser extension before their funds were stolen.
Acknowledging the issue, Trust Wallet said on X, “We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only.” The team urged users running that version to disable it immediately and upgrade to version 2.69.
As the investigation progressed, ZachXBT reported that the number of victims had climbed into the hundreds, with stolen assets spread across Bitcoin, Solana, and EVM-based tokens. On-chain data from Arkham shows the attackers using multiple receiving addresses, moving funds through several wallets to make tracking harder.
Users report sudden losses
Several Trust Wallet users took to social media to share their experiences, saying their wallets were drained within minutes—many on Christmas Day. One user claimed to have lost over $300,000, writing, “Everything I’ve been building for. Stolen on Christmas Day.” The user said the transactions happened within a four-minute window, though ZachXBT later flagged that particular account as suspicious.
Users also reported that the breach affected multiple blockchains, including Ethereum-compatible networks, Bitcoin, and Solana, suggesting a widespread exploit rather than an isolated incident.
What went wrong
Trust Wallet had released a new browser extension update on Wednesday, which users installed through the regular update process. Initially, everything appeared normal. However, hackers reportedly tampered with the code, allowing them to extract users’ seed phrases and quickly drain their wallets.
Some users warned that simply importing a seed phrase into the compromised extension could trigger instant fund loss.
Browser extensions typically operate with elevated permissions, including access to web pages, cookies, storage, and browsing activity. When compromised, they offer attackers a powerful way to steal credentials without triggering traditional security defenses.
This incident comes amid growing concerns over extension-based crypto threats. Earlier this year, reports surfaced that more than 40 fake crypto wallet extensions were used to steal users’ private keys and IP addresses.
Trust Wallet clarified that mobile app users and users on other browser extension versions were not affected. The company said its team is actively investigating the issue and is already in contact with impacted users.
