Trust Wallet Hacked: What Crypto Users Should Do Now

bitcoinist | Published on 2025-12-26 | Last updated on 2025-12-26

Abstract

Trust Wallet has confirmed a security incident specifically affecting its Chrome browser extension version 2.68, advising users to immediately disable and upgrade to version 2.69. Mobile-only users and those on other extension versions are not impacted. The breach was first flagged by on-chain investigator ZachXBT, who reported multiple users had funds drained. Cybersecurity firm PeckShield estimates losses exceeded $6 million, with a portion sent to centralized exchanges. Trust Wallet is directing affected users to contact support, and Binance founder Changpeng Zhao has stated that Trust Wallet will cover the estimated $7 million in losses. Users are urged to update their extensions and avoid using version 2.68 until upgraded.

Trust Wallet says a “security incident” hit only one slice of its product stack: the Chrome browser extension on version 2.68. If you are a mobile-only user, the company says you’re not affected. If you are on any other extension version, the company says you’re not affected either. The problem, per Trust Wallet’s own wording, is tightly scoped, even if the fallout doesn’t feel that way when you’re staring at an emptied address.

The first public flare went up on Dec. 25 via on-chain investigator ZachXBT, who posted a Telegram warning that “a number of Trust Wallet users have reported that funds were drained from wallet addresses within the past couple of hours.”

He stressed that “the exact root cause has not been determined,” then pointed out an uncomfortable coincidence: “the Trust Wallet Chrome extension pushed a new update yesterday.” In the same message, he asked victims to DM him on X so he could “update the list of theft addresses below as I verify more,” and he began publishing alleged theft destinations across multiple chains. His list included multiple EVM addresses and a Solana address.

Trust Wallet Confirms The Hack

The wallet firm later confirmed the incident on X. “We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69,” the company wrote, linking users to the official Chrome Web Store listing.

It added: “Please note: Mobile-only users and all other browser extension versions are not impacted.” The post closed with the kind of line every security team ends up typing sooner or later: “We understand how concerning this is and our team is actively working on the issue. We’ll keep sharing updates as soon as possible.”

Then the guidance got more urgent, and more specific. Trust Wallet warned users who hadn’t updated to 2.69: “please do not open the Browser Extension until you have updated. This may help to ensure the security of your wallet and prevent further issues.”

In a follow-up, it spelled out a step-by-step that boils down to: don’t open the extension, go to Chrome’s extensions page for Trust Wallet, toggle it off if it’s still on, enable Developer mode, hit “Update,” and confirm you’re on version 2.69 before doing anything else. It’s not glamorous, but it’s actionable, which is what matters when you’re in incident mode.
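The version check at the end of those steps can also be done from disk, without opening the extension, which is useful when several profiles or machines need checking. The Python sketch below is an added example, not code from Trust Wallet or the original article. It assumes Chrome's on-disk layout of `<profile>/Extensions/<extension id>/<version>_<n>/manifest.json` and that you pass in the extension ID shown on Chrome's extensions page; the ID and files in `demo()` are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

AFFECTED_PREFIX = (2, 68)  # the version named in Trust Wallet's advisory


def classify(version):
    """'affected' for 2.68 or 2.68.x; 'not affected' otherwise, per the company's statement."""
    parts = version.split(".")
    if not all(p.isdigit() for p in parts):
        return "unknown"  # empty or malformed version string
    nums = tuple(int(p) for p in parts)
    return "affected" if nums[:2] == AFFECTED_PREFIX else "not affected"


def audit(extensions_dir, extension_id):
    """Read every on-disk copy of one extension; Chrome is never launched.

    Several version folders can coexist (assumption: an old copy may remain
    next to the updated one), so every folder is reported.
    """
    root = Path(extensions_dir) / extension_id
    findings = []
    if not root.is_dir():
        return findings
    for manifest in sorted(root.glob("*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
            version = str(data.get("version", ""))
        except (OSError, ValueError, AttributeError):
            findings.append((manifest.parent.name, "", "unknown"))
            continue
        findings.append((manifest.parent.name, version, classify(version)))
    return findings


def demo():
    """Constructed sample: a 2.68 folder left beside an updated 2.69 folder."""
    sample_id = "a" * 32  # placeholder, not the real extension ID
    with tempfile.TemporaryDirectory() as tmp:
        for folder, version in (("2.68_0", "2.68"), ("2.69_0", "2.69")):
            d = Path(tmp) / sample_id / folder
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"version": version}))
        return audit(tmp, sample_id)


if __name__ == "__main__":
    for folder, version, status in demo():
        print(folder, version, status)
```

Any row marked `affected` means that profile should stay closed until the update steps above have been completed.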

As the claims and counterclaims swirled, cybersecurity firm PeckShield put an early dollar figure on the damage. “The Trust Wallet exploit has drained >$6M worth of cryptos from victims,” PeckShield wrote, adding that while “~$2.8M of the stolen funds remain in the hacker’s wallets (Bitcoin/EVM/Solana), the bulk – >$4M in cryptos – has been sent to CEXs,” with a breakdown of “~$3.3M to ChangeNOW, ~$340K to Fixed Float, & ~$447K to Kucoin.”

One more pressure point surfaced quickly: compensation. ZachXBT said, “I currently have many concerned victims contacting me via DM so can your team please clarify if you will be offering any compensation for Trust Wallet Browser Extension users.” Trust Wallet did not answer that directly in public. Instead, it replied that its customer support team was already in touch with impacted users regarding next steps and directed people to reach out via its support channel.

So what should users do now, in plain terms? If you are on extension version 2.68, Trust Wallet’s instruction is to stop using it as-is: disable it and upgrade to 2.69 before you open it again. If you think you were affected, the company is routing users to support, while independent investigator ZachXBT is asking for reports to help map theft flows.

UPDATE: Binance founder Changpeng Zhao confirmed via X that users will be compensated for the hack. “So far, $7m affected by this hack. Trust Wallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. The team is still investigating how hackers were able to submit a new version,” Zhao wrote today.

At press time, the total crypto market cap stood at $2.95 trillion.

Total crypto market cap sits below the 2021 high, 1-week chart | Source: TOTAL on TradingView.com

Related Questions

Q: Which specific version of the Trust Wallet extension was affected by the security incident?

A: The security incident affected Trust Wallet Browser Extension version 2.68 only.

Q: What is the primary action users of the affected extension version should take immediately?

A: Users on version 2.68 should disable the extension and upgrade to version 2.69 before opening it again.

Q: According to cybersecurity firm PeckShield, what was the estimated value of crypto drained in the exploit?

A: PeckShield reported that the exploit drained over $6 million worth of cryptocurrencies from victims.

Q: Who first publicly reported the potential issue with Trust Wallet on December 25th?

A: On-chain investigator ZachXBT first reported the issue via a Telegram warning.

Q: Did Trust Wallet or its parent company commit to compensating affected victims?

A: Yes, Binance founder Changpeng Zhao confirmed via X that Trust Wallet would cover the losses, stating that user funds are SAFU.
