Christmas turned into a nightmare for hundreds of crypto users when their Trust Wallet browser extension got hacked. Trust Wallet’s browser extension got compromised, and over $6 million disappeared from user wallets. Hundreds of people woke up to find their funds gone.
The wallet provider confirmed the breach on Thursday. Everyone who lost money had done the same thing: installed the new Trust Wallet browser extension update right before getting drained.
The Trust Wallet Browser Extension Hack Explained
Here’s what went down. Trust Wallet pushed out version 2.68 on Wednesday, December 24th. People installed it like any other update. Nothing looked off.
Turns out, hackers sneaked malicious code into that official update. They made it look legit while it quietly grabbed people’s seed phrases. The second someone imported their recovery words into version 2.68, boom – wallet drained in minutes.
Trust Wallet put out a statement on X: “We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Trust Wallet Browser Extension 2.68 should disable and upgrade to 2.69.”
Browser extensions get deep access to your computer. They can see your web pages, cookies, stored data, and browsing history. When bad actors get control of that access, they can steal your info without setting off normal security alarms.
Also Read: Layer 1 vs. Layer 2: What’s the Difference and Why It Matters
The Damage: $6 Million Gone
Early numbers showed over $6 million stolen. The thieves grabbed SOL, BTC, and tokens from various EVM chains.
Data from Arkham Intelligence showed the hackers spread the stolen crypto across multiple wallets. They hit users on different blockchains too – Ethereum networks, Bitcoin, Solana, you name it.
One person posted about losing more than $300,000 after coming back from Christmas dinner. They said the transactions went through in just four minutes. Though ZachXBT later called that account sketchy – apparently, it had 44 username changes and a history of running meme coin scams.
Who Got Burned?
Only version 2.68 users were at risk. Trust Wallet confirmed the mobile app stayed safe. Other extension versions didn’t have any problems either.
The timing sucked. Rolling out an update on Christmas Eve when everyone’s distracted? The hackers probably planned it that way. Security teams move more slowly during holidays.
Here’s the scary part: just importing your seed phrase into the bad extension was enough. The malicious code snatched those recovery words and sent them straight to the attackers.
Also Read: AI Agents for Automated Yield Farming: The Future of Passive Income in DeFi
Trust Wallet’s Response
Trust Wallet moved fast once they caught on. They released version 2.69 as a fix and told everyone to update through the official Chrome Web Store right away.
“We understand how concerning this is, and our team is actively working on the issue,” they wrote. “We’ll keep sharing updates as soon as possible.”
Their support team started reaching out to people who got hit. They said they’re working with victims on next steps, but haven’t mentioned anything about refunds or compensation yet.
They also warned people to only download from official sources. Scammers love creating fake updates when stuff like this happens.
How’d They Do It?
The attackers managed to slip bad code into an official update that went through normal channels. That’s called a supply chain attack – when hackers mess with the actual software distribution system.
Security folks think the hackers might have broken into developer computers, gotten access to code storage, or found holes in how updates get approved. Nobody knows the exact method yet.
Browser extensions are tricky to secure. They need lots of permissions to work right, which opens doors for abuse. And when an extension handles private keys and seed phrases right in your browser, any breach becomes a total disaster.
This isn’t Trust Wallet’s first security headache either. HackerNews reported earlier this year that some wallet extensions were stealing user keys and IP addresses. Extension-based attacks keep happening across the crypto space.
Also Read: Top 10 Meme Coins to Buy in 2026: Beyond Dogecoin & Shiba
What You Should Do Now
Got version 2.68 installed? Stop using it immediately. Don’t even open it. Seriously, don’t check your balance or anything. Just disable it in your browser settings.
Grab version 2.69 from the official Chrome Web Store only. Check the publisher name. Read reviews. Scammers make fake versions during security incidents to steal even more.
Had funds in the affected wallet? Consider them compromised. Make a brand new wallet with a completely fresh seed phrase on updated software. Move whatever’s left there ASAP.
Hardware wallets work way better for big amounts. Browser extensions are convenient but risky. Keep your serious holdings in cold storage. Use hot wallets only for trading with money you can lose.
Turn on two-factor authentication everywhere you can. Check your wallet addresses regularly for weird transactions. Some services let you set up alerts for big transfers – use that if it’s available.
Can I use Trust Wallet now?
Yeah, after updating to 2.69 or newer. The mobile app never had problems. Only that specific Trust Wallet browser extension version 2.68 was compromised.
How do I know if I got hit?
Look at your transaction history for unauthorized transfers on December 25-26. If you installed extension version 2.68 during that time, contact Trust Wallet support right away.
Should I ditch browser extensions?
Browser extensions are handy but riskier than hardware wallets. For serious crypto amounts, cold storage is smarter. Only use extensions for amounts you’re okay losing.
What about my current Trust Wallet?
If you used the bad version, make a new wallet with a fresh seed phrase on clean, updated software. Move any remaining funds there. Never reuse seed phrases from wallets that might be compromised.
Get the news in a Jist. Follow Cryptojist on X and Telegram for real-time updates!
Disclaimer:
Look, we’re just journalists reporting the news here, not your financial advisors. Everything you read above is for information purposes only. Crypto is wild, unpredictable, and can absolutely wreck your savings if you’re not careful. Never invest money you can’t afford to lose. Seriously, we mean it. Do your own research, talk to actual licensed financial professionals, and remember that past performance means absolutely nothing when it comes to future results. The crypto market can turn on a dime, and what’s hot today might be toast tomorrow. We’re not responsible for your investment decisions, good or bad. Trade smart, stay safe, and don’t bet the farm on anything you read on the internet, including this article.
Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
USDC 
TRON 
Lido Staked Ether 
Dogecoin 
Figure Heloc 