$7 Million Lost in Extension Compromise

Trust Wallet users lost around $7 million after a malicious exploit targeted the wallet’s browser extension on Christmas Day. The incident affected desktop users running Trust Wallet browser extension version 2.68, which was later confirmed to have been compromised. Trust Wallet acknowledged the breach in a post on X and urged users to immediately upgrade to version 2.89 to prevent further exposure.

The attack was not a sudden event. Investigations suggest it was carefully planned weeks in advance, raising serious questions about how the exploit was executed and who may have been involved.

CZ Confirms Full Reimbursement for Victims

Changpeng Zhao, co-founder of Binance, which owns Trust Wallet, said the company will fully cover the losses incurred by affected users. In a post shared on Friday, Zhao confirmed that the stolen funds would be reimbursed, offering some relief to victims of the attack.

Trust Wallet claims to serve more than 220 million users worldwide, making the exploit a high-profile incident in the self-custody wallet space. While the financial damage was relatively limited compared to other major crypto hacks, the breach has amplified concerns around wallet security and internal safeguards.

Attack Prepared Weeks in Advance

Blockchain security firm SlowMist revealed that the attackers began preparing the exploit as early as December 8. According to Yu Xian, co-founder of SlowMist, the malicious backdoor was successfully implanted into the extension on December 22, just days before funds began moving out of user wallets on Christmas Day.

Once the stolen funds started transferring, the activity was detected and the issue came to light. The timeline suggests the attackers had ample time to study the system and execute the exploit with precision.

Onchain investigator ZachXBT later confirmed that hundreds of Trust Wallet users were impacted by the incident, reinforcing the scale of the compromise.

Personal Data Also Exposed

Beyond the financial losses, the exploit carried another troubling element. SlowMist found that the backdoor code embedded in the extension was also exporting users’ personal information to servers controlled by the attacker. This included sensitive data, adding a privacy breach to the list of consequences.

Security researchers noted that the level of access required to insert such code points to a deep familiarity with the Trust Wallet extension’s source code. This detail has fueled speculation that the exploit may not have been carried out by an external attacker alone.

Insider Activity Suspected

Several industry figures have openly raised concerns about possible insider involvement. The attacker was reportedly able to submit a new version of the Trust Wallet extension to the official website, a step that would normally require internal access or approval.

Intergovernmental blockchain adviser Anndy Lian described the incident as highly unusual, stating that the chances of insider involvement appeared high. Zhao echoed similar views, saying the exploit was most likely the result of insider activity.

SlowMist’s Yu Xian also emphasized that the attacker’s intimate knowledge of the extension’s codebase strongly suggested internal familiarity, making the case for an insider angle harder to dismiss.

Wallet Exploits on the Rise

The Trust Wallet incident comes amid a broader rise in personal wallet compromises across the crypto industry. According to Chainalysis, personal wallet hacks accounted for 37 percent of the total value stolen in 2025, excluding the massive $1.4 billion Bybit hack in February.

While the $7 million loss at Trust Wallet is small compared to some past incidents, it highlights ongoing vulnerabilities in tools that many users rely on for self-custody. In February 2024, Axie Infinity co-founder Jeff Zirlin lost $9.7 million worth of Ether in a suspected wallet exploit, underscoring that even experienced crypto insiders are not immune.

As investigations continue, the Trust Wallet hack is likely to remain a key case study in how extension security, internal controls, and user trust intersect in the rapidly evolving crypto ecosystem.