Trust Wallet Hack Drains Over $6 Million After Browser Extension Update

Highlights:

• The Trust Wallet hack shows how a single update can put user funds at risk.
• Browser extensions remain a major weak point for crypto wallet security.
• The recent attacks highlight the need for faster alerts and safer update checks.

Multi-chain crypto wallet provider Trust Wallet confirmed a security breach tied to its browser extension on Thursday. Several users reported unauthorized fund outflows shortly after installing a recent extension update.

Blockchain investigator ZachXBT flagged the issue after receiving multiple reports within hours. Early estimates show that the losses exceed $6 million across several blockchains. The affected assets included Bitcoin, Solana tokens, and EVM-based cryptocurrencies.

Users reported that wallet drains occurred within minutes of normal extension activity. Many reports surfaced during the Christmas holiday period, when users returned to check balances. On-chain data indicated that attackers moved funds to several receiving addresses. In addition to this, blockchain trackers have noticed rapid exchanges among wallets to minimize traceability.

Further reports showed that victims shared a common factor before the theft. Each affected user had installed the new Trust Wallet browser extension update. Some users said they noticed no unusual prompts or warnings before the drains. In several cases, transactions occurred within a four-minute window. This speed left users little time to react or move funds.

Trust Wallet hack Linked to Extension Version 2.68

Trust Wallet later confirmed that the issue affected Browser Extension version 2.68 only. The company urged users to disable that version and upgrade immediately to version 2.69. ZachXBT said the number of affected users rose into the hundreds. He added that attackers siphoned funds across Bitcoin, Solana, and EVM-compatible networks. However, investigators said the precise technical root cause remained under review.

Several users reported that importing a seed phrase triggered immediate wallet draining. Security researchers clarified that browser extensions run with high system permissions. These permissions include access to storage, cookies, and browsing. Attackers are able to steal sensitive credentials without initiating endpoint defenses when they are misconfigured. Consequently, attacks that rely on extensions cannot be detected early.

On-chain analysis showed that the attackers split the stolen funds across several addresses. Arkham-linked data suggested that exploiters used multiple wallets to receive assets. Shortly after, attackers moved portions of the funds across chains. Some assets later appeared to move toward centralized exchanges. Investigators said these steps often complicate tracing and recovery efforts.

In a separate industry incident, Balancer confirmed a major exploit earlier last month. Attackers drained more than $129 million from Balancer v2 liquidity pools. Blockchain security firms PeckShield and Spot On Chain flagged large vault outflows across several chains. The case revealed that there are persistent security threats in established DeFi platforms.

Company Response and Broader Security Context

Trust Wallet stated that mobile-only users and other extension versions were not affected. The company said customer support teams had contacted impacted users regarding next steps. Trust Wallet also advised users to avoid opening the extension until completing the update. Founder Changpeng Zhao said the company would cover verified losses. He added that user funds remained protected following the incident.

Meanwhile, other platforms have faced similar security issues in recent months. Arcadia Finance reported a breach on the Base blockchain. According to Cyvers, an attacker exploited Arcadia’s Rebalancer contract in under one minute. The attacker used swap data parameters to induce unauthorized asset transfers.