Trust Wallet has confirmed a security incident affecting users of a specific version of its browser extension, following reports that millions of dollars in cryptocurrency were drained from customer wallets over a short period of time.
The issue first gained attention after onchain investigator ZachXBT shared a community alert on Telegram, warning that multiple Trust Wallet users were reporting unexplained fund losses. According to ZachXBT’s initial findings, the affected wallets appeared to be linked to a recent update of the Trust Wallet Chrome browser extension. While the precise technical cause has not yet been publicly identified, the timing raised concerns about a potential vulnerability introduced during the update process.
Based on an early review of theft-related wallet addresses, ZachXBT estimated that attackers siphoned off more than $6 million from hundreds of users. The figure may change as further analysis continues.
Trust Wallet later acknowledged the incident in a post on X, stating that the problem impacted Trust Wallet Browser Extension version 2.68. The company urged users running that version to disable it immediately and upgrade to version 2.69, which it says resolves the issue.
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
— Trust Wallet (@TrustWallet) December 25, 2025
Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb
Please note: Mobile-only users…
“Users with Browser Extension 2.68 should disable and upgrade to 2.69,” Trust Wallet said, adding that mobile-only users and those on other browser extension versions were not affected.
As a precaution, Trust Wallet also advised users who have not yet updated to avoid opening the extension until the upgrade is completed, noting that this step could help prevent further losses. The company said its security team is actively investigating the matter and will provide updates as more information becomes available.
Changpeng Zhao, founder of Binance and owner of Trust Wallet, addressed the incident separately, stating that affected users will be reimbursed. In a post on X, Zhao said losses had reached roughly $7 million and emphasized that Trust Wallet would cover the damages, assuring users that funds remain protected.
For users who haven't already updated to Extension version 2.69, please do not open the Browser Extension until you have updated. This may help to ensure the security of your wallet and prevent further issues.
— Trust Wallet (@TrustWallet) December 26, 2025
The breach comes during a period of heightened activity by hackers and scammers across the crypto sector. According to estimates from Chainalysis, cryptocurrency-related theft has exceeded $3.41 billion so far this year, slightly higher than the total recorded in the same period last year. The trend underscores ongoing security challenges as digital assets become more widely used.
Trust Wallet has not yet shared detailed technical findings, and inquiries for further comment are ongoing.
