Trust Wallet Announces Compensation for $7M Hack of Browser Extension

TLDR

• Trust Wallet confirms $7 million stolen in a hack via its Chrome extension.
• The incident affected users who logged in before Dec. 26, 2025, 11 a.m. UTC.
• A leaked Chrome Web Store API key allowed the malicious extension update.
• Binance guarantees full compensation for the losses caused by the hack.

Trust Wallet has begun offering compensation to users impacted by a security breach in its Chrome extension. The hack, which resulted in the theft of approximately $7 million in digital assets, affected users who had installed version 2.68 of the browser extension. Affected users can now submit claims through an official support form to be reimbursed.

The attack exploited a vulnerability in the Chrome extension, which was caused by a leaked Chrome Web Store API key. This allowed the malicious update to bypass Trust Wallet’s internal release procedures. The compromised extension then harvested users’ wallet seed phrases, leading to the theft of assets across several blockchains, including Bitcoin, Ethereum, and Solana. 

Trust Wallet has confirmed that the hack was only impactful for users who logged into the extension before 11 a.m. UTC on December 26, 2025. Mobile app users and individuals using other versions of the browser extension were not affected.

Trust Wallet Takes Immediate Action

Trust Wallet responded to the hack by rolling out a fix in version 2.69 of the extension on December 25, 2025. The company swiftly acknowledged the breach and confirmed its intention to compensate all affected users.

Trust Wallet stated that each claim would be carefully reviewed and processed, ensuring accuracy and security during the verification process. The company also cautioned users about potential scams, urging them to only use the official compensation form available on its website.

Changpeng Zhao, the founder of Binance, which acquired Trust Wallet in 2018, publicly assured users that the platform would cover the full amount of the losses. He reassured the community by stating, “So far, $7m affected by this hack. Trust Wallet will cover.” Zhao emphasized that user funds were “SAFU” (Secure Asset Fund for Users), reflecting Binance’s commitment to securing users’ assets.

How the Attack Happened

The breach began with a leaked Chrome Web Store API key, which allowed attackers to publish the malicious extension update without going through the standard internal checks. Once released, the malicious code embedded in the extension used a modified open-source analytics library to capture wallet seed phrases when users interacted with the extension. 

This data was then transmitted to the attackers, leading to the theft of funds. Blockchain security firm SlowMist identified the malicious code, confirming its role in the hack.

Blockchain security monitoring by PeckShield later revealed that more than $4 million of the stolen funds had been moved through centralized exchanges, such as ChangeNOW, FixedFloat, and KuCoin. As of December 28, approximately $2.8 million remained in the attackers’ wallets. Trust Wallet has assured its users that it is taking every measure to recover stolen funds and prevent similar incidents in the future.

Trust Wallet Responds to User Concerns

Trust Wallet has urged users to report any suspicious activities related to the hack and avoid falling victim to phishing scams. The company stated that fake compensation forms and impersonation scams were circulating following the breach. Users are advised to only use the official compensation claim form provided by Trust Wallet on its support portal.

The company continues to investigate the full scope of the incident, working with blockchain security experts to track and recover the stolen assets. Trust Wallet’s commitment to compensating affected users shows its dedication to maintaining trust and security within its platform.

The post Trust Wallet Announces Compensation for $7M Hack of Browser Extension appeared first on CoinCentral.