Trust Wallet Users Lost $7 Million in Cryptocurrency Due to Hack

RBK-cryptoОпубликовано 2025-12-26Обновлено 2025-12-26

Введение

On December 26, the team behind Trust Wallet, a popular cryptocurrency wallet owned by Binance, reported a security breach affecting the browser extension version 2.68. According to Binance founder Changpeng Zhao, the incident was the result of a hack, resulting in losses of approximately $7 million. Users of the compromised version were advised to disable or uninstall it and upgrade to the secure version 2.69. The breach did not impact the mobile application. Trust Wallet's native token (TWT) initially dropped around 7% in price but recovered after the official announcement. Zhao stated that Trust Wallet would cover all user losses and urged affected individuals to contact support. Although no official cause was confirmed, reports suggest that version 2.68 contained hidden malicious code that intercepted users' secret recovery phrases during wallet imports, sending them to an external server. This allowed attackers to gain full access to affected wallets. Some community members, including Zhao, suspect the breach may have been an inside job involving a team member.

On the night of December 26, the team of the popular cryptocurrency wallet Trust Wallet reported a security breach that affected the browser application version 2.68. As explained by Binance founder and head of YZi Labs, which owns Trust Wallet, Changpeng Zhao, the incident occurred as a result of a hacker attack, and the damage amounted to $7 million.

Users of version 2.68 should disable or delete this build and only then install the new version 2.69, and under no circumstances should they open or use the unsafe version. The hack only concerns the browser version 2.68 and did not affect the mobile application.

The native token of Trust Wallet (TWT) reacted with a price drop of about 7%, falling for three hours before the team's announcement around 01:20 Moscow time on December 26. After the official announcement, the TWT price recovered to previous levels and the asset is trading slightly below $0.83.

Zhao stated that Trust Wallet will cover all user losses, and affected users were asked to write to the wallet's support service, a link to which can be found on the official website.

No official statements have been made regarding the causes of the hack. But its essence, according to a report by user Akinator on social network X, may be that a hidden malicious code was embedded in version 2.68 of the Trust Wallet browser extension. Akinator was one of the few who reported the hack several hours before the official confirmation from Trust Wallet.

The assumption is that when a user enters their secret phrase to import a wallet, this code stealthily intercepts the data and sends it to an external server. In this way, the attackers could gain full access to the users' wallets and funds.

The crypto community believes that the malicious code was embedded by someone from the cryptocurrency wallet team. In response to a suggestion by X user under the nickname Crazino.eth that the hack was "certainly carried out by an insider working in the team," Zhao replied "probably."

Broke the cycle. How the price of Bitcoin changed over 10 years at Christmas

AI outperformed humans in a crypto trading tournament. What were the results

Miner "capitulation" called a bullish factor for Bitcoin. Why

Связанные с этим вопросы

QWhat was the total amount of cryptocurrency lost by Trust Wallet due to the hack?

AUsers lost $7 million in cryptocurrency due to the hack.

QWhich specific version of the Trust Wallet application was compromised in the security breach?

AThe security breach affected the browser application version 2.68.

QWhat was the impact on Trust Wallet's native token (TWT) price following the incident?

AThe native token TWT initially dropped by approximately 7% but recovered to its previous levels after the official announcement, trading slightly below $0.83.

QAccording to the article, how did the alleged malware in version 2.68 potentially steal user funds?

AThe hidden malicious code allegedly intercepted a user's secret recovery phrase during wallet import and sent it to an external server, giving attackers full access to the wallets and funds.

QWho did the crypto community and Binance's Changpeng Zhao suggest might be responsible for the hack?

AThe crypto community and Changpeng Zhao suggested that the hack was likely carried out by an insider within the Trust Wallet team.

Похожее

W3.io and Space and Time Collaborate to Launch Verifiable AI Finance Infrastructure

W3.io and Space and Time have partnered to launch a verifiable AI finance infrastructure designed to address the accountability gap in autonomous financial operations. The collaboration combines W3’s platform for creating and automating agent-powered financial workflows with Space and Time’s verifiable data blockchain, ensuring end-to-end proof from execution to settlement. This two-layer verification system processes over 200,000 operations daily and has been validated in production by Creatorland, a platform serving 100,000 content creators. The partnership enables businesses to deploy multi-vendor financial processes quickly and auditably, with support from integrations including Circle, Stripe, and PayPal. The system provides a trust layer for autonomous financial movements, ensuring data integrity and operational transparency beyond traditional cloud databases.

TheNewsCrypto2 ч. назад

W3.io and Space and Time Collaborate to Launch Verifiable AI Finance Infrastructure

TheNewsCrypto2 ч. назад

New York AG Sues Coinbase, Gemini Over Alleged State Law Violations

New York Attorney General Letitia James has filed a lawsuit against Coinbase and Gemini, alleging their prediction markets violate state gambling laws. The complaint argues these platforms operate as unlicensed gambling activities since outcomes rely on chance, not skill. Both companies are also accused of allowing users under 21, the legal age for mobile sports betting in New York. The suit seeks restitution for customers, repayment of illegal profits, civil penalties, and restrictions on marketing, including a ban on promoting services on college campuses. Following the news, Coinbase's stock fell roughly 10%, while Gemini's dropped about 4%.

bitcoinist3 ч. назад

New York AG Sues Coinbase, Gemini Over Alleged State Law Violations

bitcoinist3 ч. назад

Crypto Extortion Hits Strait Of Hormuz As Scammers Exploit Shipping Crisis

An emerging crypto extortion scam is targeting shipping companies with vessels stranded near the Strait of Hormuz, according to maritime risk firm Marisks. Criminals posing as Iranian security officials are sending fraudulent messages offering safe passage in exchange for transit fees paid in Bitcoin or Tether. The scam exploits desperation amid the ongoing regional conflict, which has severely restricted movement through the critical waterway. Victims are instructed to submit documents and pay a cryptocurrency fee to secure transit. However, the messages are not from Iranian authorities. Paying could not only result in financial loss but also potentially violate international sanctions, as any crypto transfer linked to Iranian entities may be considered material support. Legal risks remain even if companies are defrauded. The scheme appears to capitalize on earlier reports that Iran was considering a real crypto-based toll system.

bitcoinist6 ч. назад

Crypto Extortion Hits Strait Of Hormuz As Scammers Exploit Shipping Crisis

bitcoinist6 ч. назад

MIT Researcher Proposes New Path To Make Bitcoin Quantum-Safe

MIT Digital Currency Initiative director Neha Narula proposes a practical, staged approach to make Bitcoin quantum-safe. She argues that Bitcoin should immediately implement low-risk defenses through a soft fork, rather than waiting for full consensus on more complex issues. Her recommended solution involves deploying a post-quantum output type like P2MR (BIP 360) along with a new quantum-resistant signature opcode. This would allow users to securely migrate their funds to quantum-resistant addresses, provided they avoid address exposure. While this doesn’t resolve all challenges—such as how to handle inactive or lost coins—Narula emphasizes that immediate action reduces risk and provides time to gather data before a cryptographically relevant quantum computer emerges. She dismisses alternative proposals as impractical for broad use and acknowledges tradeoffs, such as reduced privacy efficiency, but insists progress shouldn’t be delayed by unresolved governance debates.

bitcoinist7 ч. назад

MIT Researcher Proposes New Path To Make Bitcoin Quantum-Safe

bitcoinist7 ч. назад

What To Know About This Week’s CLARITY Act Push—And Why Mid-May Is Now Key

After months of delay, the Senate is approaching a decisive moment for the CLARITY Act, with mid-May emerging as a critical timeframe. Pressure from traditional banking groups, particularly concerning stablecoin yield restrictions, is causing potential delays. Banking associations are urging members to voice concerns to key negotiators like Senator Thom Tillis. Although a recent compromise largely satisfied the crypto industry, unresolved issues remain, including ethics and DeFi provisions. The markup could be postponed until after the Senate's recess, pending further negotiations.

bitcoinist8 ч. назад

What To Know About This Week’s CLARITY Act Push—And Why Mid-May Is Now Key

bitcoinist8 ч. назад

Торговля

Спот

Фьючерсы