
Multi-chain crypto wallet provider Trust Wallet has confirmed a security breach on Thursday, with estimated initial losses exceeding $6 million.
Blockchain security expert ZachXBT flagged the incident after multiple Trust Wallet users experienced unauthorized fund outflows. All victims have one thing in common ā they installed the new Trust Wallet extension before the theft.
āWeāve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only,ā the crypto wallet wrote on X.
āUsers with Browser Extension 2.68 should disable and upgrade to 2.69.ā
Following the initial report, ZachXBT noted that the number of victims has risen to the hundreds, with funds over $6 million siphoned in SOL, BTC and EVM tokens.
Besides, Arkham data shows that exploiters made use of several receiving addresses, moving funds across various wallets.

Trust Wallet Users Report Losing Funds
Several Trust Wallet users reported that funds were drained from their wallet addresses within a short time frame on Christmas.
One user took to X, reporting the loss of over $300,000 after coming back from Christmas. āEverything Iāve been building for. Stolen on Christmas Day.ā The transactions took place within a 4-minute window, the user added.
Users reported that multiple blockchains, including EVM-compatible networks, Bitcoin, and Solana, were affected.
What Happened
Trust Wallet released a new browser extension update on Wednesday, which users installed through the usual update process.
At first, the extension appeared legit, however, hackers masqueraded the code address, extracting usersā seed phrases and draining wallets.
āReports indicate that importing a seed phrase into the extension can result in immediate wallet draining,ā wrote one user.
Browser extensions operate with elevated access to web pages, cookies, storage, and browsing activity. When abused, they provide a near-perfect avenue for credential theft ā without triggering traditional endpoint defences.
Recently, several reports have surfaced with high-profile extension-related wallet threats. Per HackerNews, more than 40 fake crypto wallet extensions were stealing usersā keys and IPs early this year.
Trust Wallet noted that mobile-only users and other browser extension versions were not impacted by the breach.
āWe understand how concerning this is, and our team is actively working on the issue. Weāll keep sharing updates as soon as possible,ā the team wrote on X.
Further, in a latest update, the wallet said that the customer support is already in touch with impacted users regarding next steps.
Credit: Source link









