Trust Wallet urges update after $7 million hack

Malicious code in the wallet extension harvested decrypted mnemonic phrases, with stolen funds moved through centralised exchanges and cross‑chain bridges.

Trust Wallet’s Chrome extension version 2.68 was compromised, resulting in $7 million in cryptocurrency theft, prompting an urgent update and compensation process for affected users.

Trust Wallet has urged users to update its Google Chrome extension after a security breach affecting version 2.68 resulted in the theft of roughly $7 million. The company confirmed it will refund all impacted users and advised downloading version 2.69 immediately.

Mobile users and other browser extension versions were unaffected.

Blockchain security firms revealed that malicious code in version 2.68 harvested wallet mnemonic phrases, sending decrypted credentials to an attacker‑controlled server.

Around $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum were stolen and moved through centralised exchanges and cross‑chain bridges for laundering. Hundreds of users were affected.

Analysts suggest the incident may involve an insider or a nation-state actor, exploiting leaked Chrome Web Store API keys.

Trust Wallet has launched a support process for victims and warned against impersonation scams. CEO Eowyn Chen said the malicious extension bypassed the standard release checks and that investigation and remediation are ongoing.

The incident highlights ongoing security risks for browser-based cryptocurrency wallets and the importance of user vigilance, including avoiding unofficial links and never sharing recovery phrases.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot