Published On: Sun, 28 Dec 2025 01:46:20 GMT

Trust Wallet to Compensate Victims of Hack Worth $7M

Trust Wallet to compensate users after breach involving its Chrome browser extension led to losses of $7 million in digital assets.

Sahil Thakur Hacks & Scams News

Dec 28, 2025

Author: Sahil Thakur

28th December 2025 – Trust Wallet to compensate users after a major security breach involving its Chrome browser extension led to the theft of approximately $7 million in digital assets. Binance founder Changpeng Zhao (CZ) confirmed that the wallet platform will reimburse all affected users.

Key Takeaways

Trust Wallet confirmed that version 2.68 of its Chrome extension was compromised, leading to about $7 million in stolen funds.
The breach occurred after attackers used a leaked Chrome Web Store API key to push a malicious update.
Trust Wallet has launched a formal compensation process and says verified victims will receive full reimbursement.
CZ confirmed that losses will be covered, while investigators say much of the stolen crypto has already moved through exchanges.

Attackers Exploited Chrome Extension Vulnerability

On December 24, attackers exploited a vulnerability in version 2.68 of Trust Wallet’s Chrome extension. By using a leaked Chrome Web Store API key, they managed to bypass internal release protocols and publish a malicious update. This code harvested wallet seed phrases by embedding malicious code into a commonly used analytics library.

The breach came to light after multiple users reported missing funds. Blockchain investigator ZachXBT first issued an alert on December 25. Trust Wallet responded quickly, releasing a patch through version 2.69 the next day.

Millions in Assets Drained

The attack affected hundreds of wallets and resulted in the loss of assets across multiple blockchains, including , Ethereum, and Solana. Blockchain security firm PeckShield revealed that over $4 million had already moved through centralized exchanges such as ChangeNOW, , and FixedFloat. Meanwhile, around $2.8 million remained in the attacker’s wallets as of December 26.

The Talk

Real voices. Real reactions.

KOLs

Media

Community

@TrustWallet $24817 was stolen from me this morning at 8:49, transferred first to one wallet, then immediately to another, I still see them on this 3rd wallet, help me get my money back

Update on Trust Wallet Browser Extension v2.68 Security Incident: Compensation Process To start the compensation process, affected users should please complete this form: https://t.co/xlBLrL6kMj to help us process your case. Our support team is prioritizing all the victims from https://t.co/yaqFNLxuyx

12:59 PM·Dec 27, 2025

@cz_binance @TrustWallet The submitted new version means you have flaws in your ci/cd sec process. The fact that it was a source code change means it was most likely a dev unless your version control procedures have been compromised. New versions should require approvals and multi sig and holding

So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. 🙏 The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b

05:17 AM·Dec 26, 2025

@cz_binance @TrustWallet surely is insider working in the team

03:42 AM·Dec 26, 2025

Jan 27, 2026

Trove Markets Alleged Mastermind Doxxed After $11.5M ICO Scam

Jan 26, 2026

ZachXBT Links $40M Crypto Theft to CMDSS Contractor’s Son

Jan 9, 2026

TRU Token Crashes 99% Amid Truebit Exploit

Jan 8, 2026

Chen Zhi Extradited to China Over $14B Crypto Scam

Fetching related reads

Importantly, users who accessed the extension before 11 a.m. UTC on December 26 were considered at risk. In contrast, mobile users and those running other extension versions were unaffected.

Claims Portal Opened for Victims

To address the incident, Trust Wallet launched an official claims process through its support portal. Affected users are required to submit their email addresses, wallet information, and transaction details. CEO Eowyn Chen stated that each claim will undergo thorough verification to ensure both accuracy and security.

Changpeng Zhao also weighed in. Posting on X, he said, “So far, $7 million affected by this hack. Trust Wallet will cover. User funds are SAFU.”

Tweet not available.

Largest Compensations Given To Users In Crypto

      Largest Compensations Returned to Users in Crypto
    
Case / Entity
Approx. Compensation
Description / Context
FTX
~$12.7 B
Court-ordered restitution & disgorgement to compensate customers after collapse
Gemini Earn
~$1.1 B+
Return of user funds tied to Genesis lending defaults under regulatory settlement
Binance Market Refunds (2025)
~$283 M
Exchange-initiated refunds for users impacted by mispriced assets during volatility
Bitfinex Hack Reimbursement
Varied (full reimbursement)
Full user reimbursement via BFX tokens after 2016 hack (value dependent on timing)
Cryptopia Liquidation Refunds
~NZ$400 M
Refunds to users during exchange liquidation following hack

Scammers Try to Exploit the Fallout

In the days following the breach, fake compensation forms began circulating online. Trust Wallet urged users to avoid unofficial links and instead rely only on its official support channels.

Broader Security Questions Remain

Although Trust Wallet reacted quickly, the breach has reignited concerns about browser-based wallets. This incident shows how a single compromised API key can lead to massive losses—even when internal systems are in place.

With around one million Chrome users, Trust Wallet now faces the challenge of restoring trust. While the company has not yet revealed plans for changes to its release process, it is continuing to cooperate with cybersecurity firms and law enforcement agencies to trace the attackers.

Frequently Asked Questions

What caused the Trust Wallet Chrome extension breach?

Attackers used a leaked Chrome Web Store API key to publish a malicious update of version 2.68. As a result, the code captured seed phrases and allowed thieves to drain wallets. Once Trust Wallet spotted the issue, the team pushed an urgent fix in version 2.69.

How much crypto did attackers steal?

Hackers stole roughly $7 million across several chains. They moved part of the funds through centralized exchanges, while the rest still sits in attacker-controlled wallets. Investigators continue to track the flows.

Who qualifies for compensation?

Anyone who used the Chrome extension version 2.68 and lost funds qualifies. Meanwhile, mobile users and people running other versions did not face risk, so they do not qualify for claims.

How can affected users submit a claim?

Victims should file a claim through Trust Wallet’s official support portal. The form asks for wallet addresses, attacker addresses, transaction hashes, and basic contact details. This information lets the team verify losses and then process compensation.

Will Trust Wallet really reimburse everyone?

Yes. Trust Wallet committed to covering verified losses, and CZ publicly backed that promise. As a result, affected users should eventually recover their stolen funds once reviews finish.

Are scammers trying to exploit the situation now?

Unfortunately, yes. Fake claim pages and impersonators appeared almost immediately. Because of this, Trust Wallet urges users to avoid unofficial links and to submit claims only through the real support site.

What should users do if they think their wallet was hit?

First, disable version 2.68 and upgrade to version 2.69. Next, move remaining funds to a brand‑new wallet and revoke risky approvals. Finally, submit a claim through the official portal and monitor updates while the review proceeds.

Trusted

Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.

Share with your community!

Or Even Better - Join the OCT Community!

Share with your community!

Or Even Better - Join the OCT Community!

Join Our Telegram Community

Trust Wallet to Compensate Victims of Hack Worth $7M

Key Takeaways

Attackers Exploited Chrome Extension Vulnerability

Millions in Assets Drained

The Talk

Related reads

Fetching related reads

Claims Portal Opened for Victims

Largest Compensations Given To Users In Crypto

Scammers Try to Exploit the Fallout

Broader Security Questions Remain

Frequently Asked Questions

Trusted

In this article

Related reads

Related reads

Related reads

Related reads

Related reads