Trust Wallet Extension Flaw Linked to Over $6M Drains in Bitcoin, Ethereum Wallets

• Trust Wallet browser extension v2.68 compromised in supply chain attack, draining $6.77M across ETH, BTC, and SOL.

• On-chain analyst ZachXBT identified hundreds of affected addresses with funds routed to exchanges like KuCoin and HTX.

• Losses estimated at $6.77M total, with $2.35M remaining in exploiter wallets; full user compensation confirmed.

Trust Wallet security incident exposes browser extension v2.68 vulnerability, draining $6M+. Upgrade now to v2.69 & stay safe—mobile unaffected. Expert insights on exploit & recovery inside.

What is the Trust Wallet security incident?

Trust Wallet security incident refers to a supply chain attack targeting the browser extension version 2.68, where malicious code drained over $6 million from user wallets. Trust Wallet identified the issue and urged users to disable the extension and upgrade to version 2.69 immediately. The incident spared mobile users entirely.

How did the Trust Wallet exploit occur?

The exploit stemmed from a compromised version of the browser extension submitted to app stores, containing a hidden phishing redirect. Users entering private seed phrases into the flawed extension had funds drained to attacker-controlled addresses. On-chain researcher ZachXBT tracked outflows exceeding $6.77 million across Ethereum, Bitcoin, and Solana, with funds swapped via services like ChangeNOW and FixedFloat before hitting exchanges such as KuCoin and HTX.

ZachXBT’s analysis revealed hundreds of affected wallets, some holding assets for years, losing even small BTC amounts. Approximately $2.35 million remains in known exploiter addresses after laundering attempts. Trust Wallet confirmed the issue was isolated to the extension, with no compromise to core private key technology.

The team is investigating the supply chain breach that allowed the malicious update on December 24, 2025. Binance founder and former CEO Changpeng ‘CZ’ Zhao stated that all affected users would receive full compensation. This follows Trust Wallet’s recent popularity boost from adding native prediction markets, positioning it as a Web3 hub.

Frequently Asked Questions

Is the Trust Wallet security incident affecting mobile users?

No, the Trust Wallet security incident impacts only the browser extension version 2.68. Mobile app users face no risk and can continue using their wallets normally. Trust Wallet explicitly stated this in their announcement.

What should users do after the Trust Wallet browser extension exploit?

Users should immediately disable the browser extension version 2.68 and upgrade to version 2.69. Avoid entering private seed phrases into any suspicious versions, and create new wallets if compromised. Trust Wallet is compensating verified losses.

Key Takeaways

• Isolated to extension: Browser version 2.68 alone affected; mobiles safe, highlighting extension risks.
• $6.77M drained: ZachXBT data shows widespread impact across chains, with exploiters using mixers and exchanges.
• Compensation assured: CZ Zhao promises reimbursements; prioritize upgrades and new wallet generation.

Conclusion

The Trust Wallet security incident underscores vulnerabilities in browser extensions amid rising crypto security measures, with the v2.68 exploit draining $6.77 million through a supply chain compromise. On-chain tracking by experts like ZachXBT exposed the full scope, prompting swift upgrades and compensation commitments from leaders like CZ Zhao. As crypto exploits evolve toward phishing and address poisoning, users must prioritize verified updates and seed phrase security to safeguard assets moving forward. Stay vigilant with official channels for ongoing investigations and protections.