Trust Wallet Chrome Extension Goes Offline After $7M Hack, Victims Face Delays in Claims
Trust Wallet users hit by a Christmas Day browser extension hack are facing new delays in getting reimbursed after the company temporarily removed its Chrome extension from the Chrome Web Store.
The update was meant to roll out a verification tool that would let affected users confirm wallet ownership and securely submit claims. Trust Wallet CEO Eowyn Chen said the extension became unavailable due to a Chrome Web Store bug, which Google is now investigating. Meanwhile, users are being warned to be wary of fake or impersonating versions of the extension circulating online.
What happened
On December 25, Trust Wallet confirmed that a malicious version of its Chrome extension (v2.68) had been distributed outside its normal release process. The compromised build allowed attackers to access sensitive wallet data and make unauthorized transactions, resulting in losses totaling roughly $8.5 million across 2,520 wallets.
The hack affected only users who installed version 2.68 and logged in between December 24–26. Mobile app users, users of other extension versions, and those who logged in after December 26 were not impacted.
The malicious extension appeared legitimate and even passed Chrome’s review, but it contained hidden code that could extract recovery phrases. Users who imported their seed phrase into the extension saw immediate fund outflows across multiple blockchains.
How Trust Wallet responded
The company traced the attack to a supply chain breach called Sha1-Hulud, which had compromised developer tools in November. Exposed GitHub secrets and a leaked Chrome Web Store API key allowed attackers to upload the malicious extension directly, bypassing internal checks.
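A publisher can catch an upload that bypassed its release process by comparing the package the store is serving against a ledger written by its own build pipeline. The sketch below is an added example, not Trust Wallet's code; the ledger format, the function names and the sample packages are assumptions constructed for illustration, and the package is treated as a plain zip archive.

```python
import hashlib
import io
import json
import zipfile

def make_package(version, background_js):
    """Build a constructed sample extension package (zip) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        manifest = {"manifest_version": 3, "name": "sample-wallet", "version": version}
        z.writestr("manifest.json", json.dumps(manifest))
        z.writestr("background.js", background_js)
    return buf.getvalue()

def inspect_package(data):
    """Return (version declared in manifest.json, SHA-256 of the whole package)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        manifest = json.loads(z.read("manifest.json"))
    return manifest["version"], hashlib.sha256(data).hexdigest()

def audit_published(ledger, data):
    """Compare the package the store serves against the internal release ledger.

    ledger maps version -> SHA-256 recorded by the release pipeline
    (hypothetical format). Returns "ok", "unreleased-version" or "hash-mismatch".
    """
    version, digest = inspect_package(data)
    if version not in ledger:
        return "unreleased-version"   # published without going through the pipeline
    if ledger[version] != digest:
        return "hash-mismatch"        # known version number, different bytes
    return "ok"

# Constructed sample data: only 2.69 was recorded by the pipeline.
CLEAN = make_package("2.69", "console.log('release build');")
LEDGER = {"2.69": hashlib.sha256(CLEAN).hexdigest()}
OUT_OF_BAND = make_package("2.68", "console.log('not built by the pipeline');")
TAMPERED = make_package("2.69", "console.log('same version, different bytes');")

if __name__ == "__main__":
    for label, pkg in [("clean", CLEAN), ("out-of-band", OUT_OF_BAND), ("tampered", TAMPERED)]:
        print(label, audit_published(LEDGER, pkg))
```

Run on a schedule against the live store listing, a check like this alerts on any published version or package hash that the release pipeline never produced.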
In response, Trust Wallet:
Rolled back to a clean version (v2.69)
Disabled compromised publishing credentials
Launched a voluntary reimbursement scheme for affected users
The company opened a formal claims process on December 29, but has been overwhelmed with over 5,000 submissions, many of which were duplicates or fraudulent. The delayed Chrome extension update, which was meant to provide another verification tool, has further slowed reimbursements.
Bigger picture
This incident is part of a broader rise in crypto wallet exploits, as attacks on personal wallets continue to account for a growing share of stolen funds. Experts urge users to stay vigilant, double-check wallet addresses, and avoid importing seed phrases into browser extensions unless fully verified.
