Malicious code in browser extension version 2.68 drained funds from hundreds of users on Christmas Day.
Trust Wallet users lost over $7 million on Christmas Day after hackers slipped malicious code into the browser extension, intercepting seed phrases and draining wallets within minutes.
Attackers compromised version 2.68 of Trust Wallet's Chrome extension through a sophisticated supply chain attack. The malicious update, released on December 24, contained a hidden JavaScript file that appeared to mimic PostHog analytics tracking code.
When users imported their recovery seed phrases into the extension, the script intercepted the sensitive data and transmitted it to a fraudulent domain mimicking Trust Wallet's official metrics endpoint. Funds began disappearing on Christmas Day, with blockchain investigator ZachXBT first flagging the breach.
The stolen assets include approximately $3 million in Bitcoin, $3 million in Ethereum, and around $430 worth of Solana. Blockchain security firm PeckShield reports that approximately $4.25 million has already been sent to centralized exchanges including ChangeNOW, FixedFloat, KuCoin, and HTX.
Supply chain attacks represent one of the most dangerous threats in crypto security because victims do not need to click phishing links or approve suspicious transactions. The malicious code executed automatically when users restored their wallets using seed phrases.
This incident highlights vulnerabilities in browser extension update mechanisms. The fraudulent domain was registered just days before the exploit, and the infected extension passed initial Chrome Web Store review. Binance founder CZ has hinted at possible insider involvement, stating the investigation is ongoing.
Mobile-only users and those on other browser extension versions were not affected. Only users who interacted with version 2.68 and imported seed phrases face risk.
CZ confirmed that Trust Wallet will fully reimburse all $7 million in losses using Binance's Secure Asset Fund for Users (SAFU). Users who interacted with the compromised extension should transfer remaining funds to a new wallet immediately and never reuse the exposed seed phrase.
Trust Wallet has released version 2.69 as a fix. The investigation continues, with potential insider involvement being examined. Affected users should also revoke existing token approvals tied to compromised addresses.
This is a developing story. Trust Wallet's response and full reimbursement commitment provide some relief, but the incident underscores the critical importance of hardware wallets and careful verification of software updates.
Wall Street giant Citigroup projects Bitcoin could reach $143,000 within 12 months, citing ETF demand and regulatory tailwinds as key catalysts.
The largest US bank is assessing spot and derivatives trading services as regulatory clarity enables traditional finance to deepen crypto involvement.
All 12 U.S. spot Bitcoin ETFs saw positive inflows on March 2, totaling $458M as BTC rebounds from February lows.
Disclaimer: News content is for informational purposes only and should not be considered financial advice. Market conditions can change rapidly. Always conduct your own research.
