- Security Breach Confirmed: Trust Wallet identified a vulnerability in its Chrome browser extension v2.68, affecting desktop users and resulting in approximately $7 million in stolen funds.
- Reimbursements Promised: The company has committed to fully refunding all impacted users, prioritizing support and security enhancements.
- Update Urged: Users are advised to disable the affected version and update to v2.69 via the official Chrome Web Store.
- Insider Involvement Speculated: Former Binance CEO Changpeng Zhao hinted at possible insider role in the incident.
Trust Wallet, the popular cryptocurrency wallet owned by Binance, has suffered a significant security breach in its Chrome browser extension, leading to losses exceeding $7 million for affected users. The incident, which occurred shortly after the release of version 2.68 on December 24, 2025, exposed user seed phrases and enabled unauthorized fund transfers. Mobile app users and other extension versions remain unaffected.
The breach was first reported by users on December 25, 2025, who noticed immediate fund drains upon logging into the extension. Trust Wallet swiftly acknowledged the issue, urging users to disable the extension and upgrade to the patched version 2.69. According to an official update, the company is actively processing refunds for the impacted $7 million.
In a statement on X, Trust Wallet emphasized user support: “We’ve confirmed that approximately $7M has been impacted, and we will ensure all affected users are refunded. Supporting affected users is our top priority.” This response aligns with the wallet’s commitment to security in the volatile crypto space, where breaches can erode user trust rapidly.
Changpeng Zhao (CZ), co-founder of Binance, commented on the incident, suggesting potential insider involvement while assuring reimbursements. His remarks highlight ongoing risks in crypto infrastructure, including smart contract vulnerabilities and KYC lapses, though no specific details on the exploit’s nature were disclosed.
The losses primarily involved major cryptocurrencies such as Bitcoin and Ethereum, underscoring the need for robust wallet security measures. Analysts note that such incidents could prompt stricter regulatory scrutiny on wallet providers, similar to recent Hong Kong proposals for virtual asset custodians.
Users are reminded to verify updates through official channels and avoid phishing attempts amid the chaos. Trust Wallet’s quick action may mitigate long-term damage, but the event serves as a cautionary tale for crypto investors relying on browser extensions for asset management.
Disclaimer: This article is for informational purposes only and does not constitute advice of any kind. Readers should conduct their own research before making any decisions.
© Cryptopress. For informational purposes only, not offered as advice of any kind.
