Trust Wallet users lost more than $7 million shortly after it released an updated version of its extension for the Chrome web browser. The stolen funds will be reimbursed, said Changpeng Zhao, a co-founder of crypto exchange Binance, which owns the utility. The breach, flagged Dec. 25 by onchain detective ZachXBT, was confirmed by the wallet team. "Community alert: A number of Trust Wallet users have reported that funds were drained from wallet addresses within the past couple hours," ZachXBT posted on Telegram. "While the exact root cause has not been determined coincidentally the Trust Wallet Chrome extension pushed a new update yesterday."
The breach was traced to Trust Wallet's Chrome extension version 2.68. Users who installed the update and imported their seed phrases unknowingly handed attackers the keys to their wallets. Investigators later determined that the incident was the result of a supply-chain attack. "So far, $7m has been affected by this hack. Trust Wallet will cover. User funds are SAFU," CZ wrote on X. This incident occurred in late December 2025, highlighting ongoing supply-chain vulnerabilities in browser extension security that continue to pose threats as the industry moves into 2026.
