- A Trust Wallet Chrome extension update (v2.68) triggered rapid wallet drains starting December 24.
- On-chain data confirms over $6 million lost across Ethereum networks, Bitcoin, and Solana within hours.
- Trust Wallet acknowledged the issue after more than 30 hours and pushed users to upgrade to v2.69.
User funds began disappearing on December 24 after a new Trust Wallet Chrome extension update. Reports showed full wallet drains soon after users entered seed phrases into the browser extension version 2.68.
Losses spread across Ethereum-based networks, Bitcoin, and Solana. On-chain data confirms fast transfers with no delay or staging. Funds moved out within minutes. Blockchain investigator ZachXBT tracked the activity and estimated losses above $6 million within hours.
The stolen funds went to multiple wallets. Among them, a newly-created wallet still holds more than 255 ETH, worth about $750,000. More than 12 BTC moved through a single Bitcoin address as well.
Trust Wallet Confirms Security Incident
Trust Wallet confirmed a security incident tied to browser extension version 2.68. The company urged users to stop using that version and upgrade to version 2.69 at once. Mobile-only users were not affected. Other extension versions were also not affected.
The company issued its first public warning more than 30 hours after the first reports. During that window, fund transfers continued through late December 25.
Trust Wallet has not released a full technical cause and has not confirmed whether the update itself caused the breach.
Binance to Cover User Losses
Changpeng Zhao, founder of Binance and owner of Trust Wallet, stated that all affected users will receive reimbursement. He said total losses reached about $7 million and will be covered by Binance’s Secure Asset Fund for Users (SAFU).
Binance is now reviewing how the malicious behavior passed checks and reached users. No recovery steps or audit results have been published so far. Analysts have advised reviewing transactions, revoking permissions, and moving remaining funds to new wallets with fresh seed phrases.
The incident has raised concerns around browser-based crypto wallets. Chrome extensions run with high permissions. Past cases show that a single bad update can expose seed phrases or alter transaction data.
Related: Hacked Binance WeChat Triggers 200% Mubarakah Surge, CZ Issues Warning
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Source: https://coinedition.com/trust-wallet-chrome-extension-breach-drains-over-6m-in-user-funds/
