Overview of the Incident
In a concerning turn of events, Trust Wallet has confirmed that it is compensating users after a significant breach resulted in the theft of approximately $7 million in digital assets from its Chrome extension. This attack specifically impacted users who logged into the extension before 11 a.m. UTC on December 26, 2025, and was facilitated by a vulnerability resulting from a leaked Chrome Web Store API key.
Details of the Breach
The attack began when the leaked API key enabled the deployment of a malicious update, which circumvented Trust Wallet’s internal release procedures. Users who had installed version 2.68 of the extension unwittingly exposed their wallet seed phrases, leading to asset theft across several blockchains, including Bitcoin, Ethereum, and Solana.
Following the breach, Trust Wallet promptly released a fix in version 2.69 on December 25, 2025, underscoring their commitment to user security. Affected users are now able to submit claims through an official support form to receive compensation for their losses.
Response from Trust Wallet and Binance
Changpeng Zhao, the founder of Binance, which acquired Trust Wallet in 2018, has publicly assured users that the platform will cover all losses incurred due to the hack. Zhao stated, “Trust Wallet will cover the $7 million affected by this hack,” emphasizing Binance’s dedication to ensuring that user funds remain ‘SAFU’ (Secure Asset Fund for Users).
As Trust Wallet aids users in navigating this difficult situation, they advise caution regarding potential phishing scams arising from the breach. Users have been alerted to only utilize the official compensation form available on the Trust Wallet website, as fake forms and impersonation schemes are proliferating in the wake of the incident.
Investigation and Recovery Efforts
Blockchain security firms quickly moved to investigate the breach, identifying the malicious code embedded in the compromised extension. This code utilized a modified open-source analytics library to capture sensitive user data. Monitoring by PeckShield revealed that over $4 million of the stolen assets had already been cycled through various centralized exchanges. As of December 28, approximately $2.8 million of the stolen funds remained in the attackers’ wallets.
Trust Wallet is collaborating with blockchain security experts to track and recover the stolen assets. The company is committed to investigating the full extent of the breach and reinforcing its security measures to safeguard users in the future.
Continuing Commitment to Security
As Trust Wallet navigates the aftermath of this significant security lapse, the company emphasizes its resolve to restore user confidence. The swift response in compensating affected users illustrates Trust Wallet’s dedication to maintaining a secure environment for digital asset management. They urge users to remain vigilant and report any suspicious activities as the investigation continues.
