A security issue in the Trust Wallet Chrome extension led to losses of more than $7 million. The problem was linked to extension version 2.68.0, released on December 24, 2025.
Unusual wallet activity was noticed shortly after the update went live. Blockchain investigator ZachXBT raised concerns after seeing unauthorized transfers from multiple wallets.
Users Report Major Losses
Users later shared reports showing their balances suddenly drained. The stolen assets included Bitcoin, Ethereum, Solana, and BNB. In some cases, funds were taken within minutes after users approved what appeared to be a normal action.
Early estimates from security researchers placed losses near $6 million, while Trust Wallet later confirmed the total had reached around $7 million, affecting hundreds of wallets.
The issue appears to have only affected the Chrome desktop extension. The Trust Wallet mobile app was not impacted. Security firm SlowMist warned the incident may be tied to a supply-chain compromise during the extension update process.
Researchers found that the compromised package contained a hidden JavaScript file called 4482.js that pretended to be an analytics component.
The script triggered when users imported their seed phrase and quietly sent sensitive wallet data, including recovery phrases, to a fake domain designed to look like an official Trust Wallet service.
Domain records showed that the server used to collect stolen data was newly registered and not linked to Trust Wallet in any way.
Attackers also set up fake support websites to exploit the situation. These sites claimed to offer urgent fixes and asked users to enter their recovery phrases, which allowed wallets to be drained almost instantly. Similar registration details across the sites point to an organized campaign.
Trust Wallet confirmed the issue on December 25 and said it only affected the Chrome extension version 2.68.0. Users were instructed to turn off the affected extension and update to version 2.69, which addresses the issue.
Leave A Comment