{"id":7624,"date":"2025-12-27T22:27:25","date_gmt":"2025-12-27T22:27:25","guid":{"rendered":"https:\/\/villpress.com\/?p=7624"},"modified":"2025-12-27T22:27:48","modified_gmt":"2025-12-27T22:27:48","slug":"trust-wallet-launches-7m-reimbursement-program-after-chrome-extension-hack-experts-call-it-an-apt-level-breach","status":"publish","type":"post","link":"https:\/\/villpress.com\/fr\/trust-wallet-launches-7m-reimbursement-program-after-chrome-extension-hack-experts-call-it-an-apt-level-breach\/","title":{"rendered":"Trust Wallet Launches $7M Reimbursement Program After Chrome Extension Hack \u2014 Experts Call It an \u201cAPT-Level\u201d Breach"},"content":{"rendered":"<p>Trust Wallet is rolling out a full compensation program for users hit by a holiday-season Chrome extension hack that drained roughly <strong>$7 million<\/strong> in crypto. The Binance-backed company is promising <strong>100% reimbursement<\/strong> for verified victims as scrutiny intensifies over browser-based wallet security.<\/p>\n\n\n\n<p>The breach was highly targeted. Only users who interacted with <strong>Chrome extension version 2.68<\/strong> between <strong>December 24 and December 26, 2025<\/strong> were vulnerable. Trust Wallet\u2019s mobile apps and non-Chrome browser users were unaffected.<\/p>\n\n\n\n<p>But the fallout is significant: blockchain forensics show that attackers looted millions across Bitcoin, Ethereum, and Solana, moving more than <strong>$4 million<\/strong> through exchanges in rapid laundering cycles.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\">What Went Wrong<\/h2>\n\n\n\n<p>According to Trust Wallet, attackers used a <strong>leaked Chrome Web Store API key<\/strong> to upload a malicious update (v2.68) on December 24. The tainted build injected seed-phrase-stealing code via a modified analytics library, effectively intercepting users&#8217; recovery phrases the moment they logged in.<\/p>\n\n\n\n<p>By Christmas Day, reports of drained wallets reached on-chain analyst <strong>ZachXBT<\/strong>, who flagged the issue on Telegram. Trust Wallet scrambled to push a clean update (v2.69) on December 25 and told users to disable the compromised version immediately.<\/p>\n\n\n\n<p>Security firms <strong>SlowMist<\/strong> and <strong>PeckShield<\/strong> say attackers may have prepared weeks earlier, citing a rogue domain registered on December 8. SlowMist labeled the breach \u201c<strong>APT-level<\/strong>\u201d\u2014suggesting an unusually sophisticated actor or possible insider access. Even Binance co-founder <strong>Changpeng Zhao (CZ)<\/strong> speculated it was \u201cmost likely\u201d an inside job, though investigations continue.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\">The Damage<\/h2>\n\n\n\n<p>PeckShield estimates the stolen funds span:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Bitcoin:<\/strong> ~$3M<\/li>\n\n\n\n<li><strong>Ethereum &amp; L2 tokens:<\/strong> $3M+<\/li>\n\n\n\n<li><strong>Solana:<\/strong> ~$431K<\/li>\n<\/ul>\n\n\n\n<p>Of the ~<strong>$7M<\/strong> total, more than <strong>$4.25M<\/strong> has already been laundered through ChangeNOW, HTX, FixedFloat, KuCoin, and other exchanges. Roughly <strong>$2.8M<\/strong> remains in attacker-controlled wallets.<\/p>\n\n\n\n<p>This incident adds to more than <strong>$713M<\/strong> in wallet-related losses recorded in 2025, underscoring the growing security gaps in self-custody tools.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\">How Affected Users Can Claim Compensation<\/h2>\n\n\n\n<p>Trust Wallet has opened an official claims portal at:<\/p>\n\n\n\n<p><strong>trustwallet-support.freshdesk.com\/support\/tickets\/new<\/strong><\/p>\n\n\n\n<p>Victims must provide:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email &amp; country (for possible legal proceedings)<\/li>\n\n\n\n<li>Compromised wallet addresses<\/li>\n\n\n\n<li>Attacker wallet addresses<\/li>\n\n\n\n<li>Transaction hashes<\/li>\n\n\n\n<li>Estimated loss amount<\/li>\n\n\n\n<li>A fresh wallet address for reimbursement<\/li>\n<\/ul>\n\n\n\n<p>The company says each case will undergo <strong>manual verification<\/strong> to prevent fraudulent claims and warns users to avoid impostor sites requesting seed phrases or passwords.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\">Trust Wallet\u2019s Response, and CZ\u2019s Assurance<\/h2>\n\n\n\n<p>Trust Wallet CEO <strong>Eowyn Chen<\/strong> acknowledged that the malicious upload bypassed internal safeguards and said the team is now implementing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Outside security audits<\/li>\n\n\n\n<li>Stricter internal access controls<\/li>\n\n\n\n<li>Quarterly third-party reviews<\/li>\n<\/ul>\n\n\n\n<p>CZ reiterated that affected users\u2019 funds are \u201c<strong>SAFU<\/strong>,\u201d referencing Binance\u2019s history of covering over <strong>$1 billion<\/strong> in user losses during major incidents.<\/p>\n\n\n\n<p>No exact payout timeline has been given, but Trust Wallet says its team is verifying claims \u201caround the clock.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\">Are Browser Wallets Too Risky?<\/h2>\n\n\n\n<p>The hack has reignited debate across X and Telegram about whether browser extensions\u2014even from major brands, are fundamentally unsafe.<\/p>\n\n\n\n<p>\u201c<strong>Browser extensions are hack magnets,<\/strong>\u201d one researcher wrote, calling for increased adoption of hardware wallets and multisig setups for high-value storage.<\/p>\n\n\n\n<p>For others, Trust Wallet\u2019s rapid reimbursement is a welcome precedent. But the broader takeaway is sobering: as crypto adoption accelerates, attackers are shifting from protocol exploits to <strong>software supply-chain attacks<\/strong>, often easier to execute and harder to detect.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\">Timeline of This Events<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dec 8, 2025:<\/strong> Rogue exfiltration domain registered.<\/li>\n\n\n\n<li><strong>Dec 24, 12:32 p.m. UTC:<\/strong> Malicious v2.68 pushed to Chrome Web Store via leaked API key.<\/li>\n\n\n\n<li><strong>Dec 25:<\/strong> Community reports; v2.69 safe version released.<\/li>\n\n\n\n<li><strong>Dec 26, 11 a.m. UTC:<\/strong> Exposure window ends.<\/li>\n\n\n\n<li><strong>Dec 26 (later):<\/strong> Forensics reveal >$4M laundered.<\/li>\n\n\n\n<li><strong>Dec 27:<\/strong> Trust Wallet launches compensation program; CZ confirms full coverage.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\">Here is What We Should Know<\/h2>\n\n\n\n<p>Trust Wallet\u2019s reimbursement move may soften the blow, but the breach adds fuel to longstanding concerns over extension-based wallets. As 2026 approaches, wallet security, especially around supply-chain vulnerabilities, will likely define the next wave of crypto infrastructure debates.<\/p>","protected":false},"excerpt":{"rendered":"<p>Trust Wallet is rolling out a full compensation program for users hit by a holiday-season Chrome extension hack that drained roughly $7 million in crypto. The Binance-backed company is promising 100% reimbursement for verified victims as scrutiny intensifies over browser-based wallet security. The breach was highly targeted. Only users who interacted with Chrome extension version [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7625,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[166],"tags":[855,834,692,854],"ppma_author":[331,332],"class_list":{"0":"post-7624","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-crypto","8":"tag-crypto","9":"tag-cyberattack","10":"tag-security","11":"tag-trust-wallet"},"authors":[{"term_id":331,"user_id":1,"is_guest":0,"slug":"pastakutmanwen","display_name":"Villpress Insider","avatar_url":{"url":"https:\/\/villpress.com\/wp-content\/uploads\/2025\/05\/Logo.png","url2x":"https:\/\/villpress.com\/wp-content\/uploads\/2025\/05\/Logo.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""},{"term_id":332,"user_id":3,"is_guest":0,"slug":"sebastianhills","display_name":"Sebastian Hills","avatar_url":"https:\/\/villpress.com\/wp-content\/uploads\/2024\/08\/sebas-96x96.jpg","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts\/7624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/comments?post=7624"}],"version-history":[{"count":1,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts\/7624\/revisions"}],"predecessor-version":[{"id":7626,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts\/7624\/revisions\/7626"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/media\/7625"}],"wp:attachment":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/media?parent=7624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/categories?post=7624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/tags?post=7624"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/ppma_author?post=7624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}