Trust Wallet has confirmed a hack that led to millions of dollars in user funds being drained.
What initially appeared as scattered wallet losses quickly hardened into something far more serious: a confirmed supply-chain compromise of Trust Wallet’s official Chrome browser extension.
The Christmas Trust Wallet hack
The incident traces back to December 24, 2025, when Trust Wallet released version 2.68.0 of its Chrome browser extension.
The first major public alarm came from on-chain investigator ZachXBT, who linked the wallet drains directly to the v2.68 update while funds were still in motion. His warnings helped frame the incident as an extension compromise rather than a user-level mistake.
In many cases, wallets were emptied within minutes of importing a seed phrase or accessing an existing wallet through the extension.
By December 26, the picture was clearer, and Trust Wallet publicly confirmed that only the browser extension version 2.68 was affected.
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Please refer to the official Chrome Webstore link here: chrome.google.com/webstore/detai…
Please note: Mobile-only users
Although mobile users were not impacted, the company advised all extension users to immediately disable version 2.68 and upgrade to version 2.69 through the official Chrome Web Store.
What really went wrong
Researchers and on-chain investigators described the exploit as a straight supply-chain attack, not phishing and not user error.
According to multiple analyses shared publicly, the compromised extension contained a malicious JavaScript payload embedded in what appeared to be routine analytics code.
The script, often referenced as a file similar to “4482.js,” allegedly masqueraded as a PostHog-style integration. Its function was simple and devastating.
When users entered or accessed their recovery phrase, the data was silently exfiltrated to attacker-controlled infrastructure using domains that closely resembled legitimate Trust Wallet metrics endpoints.
Once attackers had the seed phrase, no further interaction was needed. There were no approvals to trick and no transactions to sign.
The wallet could be restored elsewhere and drained across every supported blockchain.
That is exactly what investigators observed, with rapid multi-chain sweeps affecting Bitcoin, EVM networks, Solana, and BNB Chain.
Money trailed to instant exchange services and CEXs
While some reports pointed to roughly $2.8 million in confirmed drains, others tracked more than $4 million passing through identified services. Trust Wallet has, however, confirmed that the total impact stood at approximately $7 million.
Binance founder CZ, whose company acquired Trust Wallet in 2018, also stated that losses were around $7 million and confirmed that users would be made whole.
CZ also highlighted the most uncomfortable issue raised by the incident: how a malicious build was able to reach the Chrome Web Store under an official wallet brand.
On-chain analysis reveals that the stolen funds are being transferred quickly, with a significant portion routed through instant exchange services and centralised platforms.
Public trackers cited flows into services such as ChangeNOW and FixedFloat, as well as exchanges including KuCoin and HTX.
Trust Wallet(@TrustWallet) has been exploited, with hundreds of users affected and over $6.77M stolen so far.
The hacker has already sent ~$4.25M to ChangeNOW, FixedFloat, KuCoin, and HTX.
CZ(@cz_binance) has stated that Trust Wallet will fully cover the losses.
Check hacker
As investigations continue, Trust Wallet has warned users to ignore any messages that did not come from official Trust Wallet channels.
The post Trust Wallet just got hacked on Christmas, $7M drained appeared first on Invezz
