Trust Wallet Users Lost $7 Million in Cryptocurrency Due to Hack

RBK-crypto发布于2025-12-26更新于2025-12-26

文章摘要

On December 26, the team behind Trust Wallet, a popular cryptocurrency wallet owned by Binance, reported a security breach affecting the browser extension version 2.68. According to Binance founder Changpeng Zhao, the incident was the result of a hack, resulting in losses of approximately $7 million. Users of the compromised version were advised to disable or uninstall it and upgrade to the secure version 2.69. The breach did not impact the mobile application. Trust Wallet's native token (TWT) initially dropped around 7% in price but recovered after the official announcement. Zhao stated that Trust Wallet would cover all user losses and urged affected individuals to contact support. Although no official cause was confirmed, reports suggest that version 2.68 contained hidden malicious code that intercepted users' secret recovery phrases during wallet imports, sending them to an external server. This allowed attackers to gain full access to affected wallets. Some community members, including Zhao, suspect the breach may have been an inside job involving a team member.

On the night of December 26, the team of the popular cryptocurrency wallet Trust Wallet reported a security breach that affected the browser application version 2.68. As explained by Binance founder and head of YZi Labs, which owns Trust Wallet, Changpeng Zhao, the incident occurred as a result of a hacker attack, and the damage amounted to $7 million.

Users of version 2.68 should disable or delete this build and only then install the new version 2.69, and under no circumstances should they open or use the unsafe version. The hack only concerns the browser version 2.68 and did not affect the mobile application.

The native token of Trust Wallet (TWT) reacted with a price drop of about 7%, falling for three hours before the team's announcement around 01:20 Moscow time on December 26. After the official announcement, the TWT price recovered to previous levels and the asset is trading slightly below $0.83.

Zhao stated that Trust Wallet will cover all user losses, and affected users were asked to write to the wallet's support service, a link to which can be found on the official website.

No official statements have been made regarding the causes of the hack. But its essence, according to a report by user Akinator on social network X, may be that a hidden malicious code was embedded in version 2.68 of the Trust Wallet browser extension. Akinator was one of the few who reported the hack several hours before the official confirmation from Trust Wallet.

The assumption is that when a user enters their secret phrase to import a wallet, this code stealthily intercepts the data and sends it to an external server. In this way, the attackers could gain full access to the users' wallets and funds.

The crypto community believes that the malicious code was embedded by someone from the cryptocurrency wallet team. In response to a suggestion by X user under the nickname Crazino.eth that the hack was "certainly carried out by an insider working in the team," Zhao replied "probably."

Broke the cycle. How the price of Bitcoin changed over 10 years at Christmas

AI outperformed humans in a crypto trading tournament. What were the results

Miner "capitulation" called a bullish factor for Bitcoin. Why

你可能也喜欢

Anthropic开始抢科学家了？周薪2.7万驻场，专治Claude专家级错误

Anthropic推出STEM研究员计划，以周薪3800美元（约合人民币2.7万元）招募STEM领域专家全职驻场三个月，旨在利用其专业判断力识别和修正AI模型Claude在科学推理中的错误。机器学习经验非必需，更看重科学判断力和快速学习能力。该项目是Anthropic科研生态布局的第三代计划，从早期聚焦AI安全，到开放API支持外部研究，再到直接邀请科学家参与模型调教，逐步深入。研究员将使用内部工具和Claude模型，在导师指导下完成特定项目，例如修正模型在材料相稳定性推理中的错误，或构建气候建模工具调用能力。 Anthropic认为，当前AI科研的瓶颈并非算力，而是缺乏领域专家的判断力。哈佛物理教授的测试显示，Claude虽能大幅提升研究速度，但仍会犯高阶错误且无法自我验证。因此，公司需科学家充当“高级审校”，系统性识别并弥补模型短板。 CEO Amodei曾强调AI在生物医学等领域的颠覆潜力，目标是将50-100年的进展压缩至5-10年。Anthropic通过Science博客、全球合作项目等系统构建科学能力壁垒，其竞争策略从堆叠算力转向整合人类专家智慧，预示AI行业竞争核心正从参数规模转向领域知识的深度融合。

marsbit22分钟前

marsbit22分钟前

坚守一级市场的VC，手里还有多少钱？

原标题：坚守一级市场的VC，手里还有多少钱？多位加密货币行业投资人就一级市场现状展开讨论，核心分歧在于资金究竟集中在早期还是后期阶段，但共识是：市场并不缺钱，缺的是值得投资的高质量项目。 Crucible Capital合伙人Meltem Demirors指出，加密货币行业真正能带来“VC级回报”的赛道有限，目前优秀创始人和项目供给不足，导致从种子轮到A轮的门槛显著提高。 Blockworks联合创始人Mippo补充称，早期资金其实过剩，但后期增长资金明显不足。然而，Varys Capital的Tom Dunleavy与Pantera Capital的Mason Nystrom就资金分布产生激烈争论。Dunleavy引用数据称，2026年80%以上资金流向了后期轮次，A轮及之后的可用资金约60-70亿美元，集中在5-6家大型机构；早期资金仅10-20亿美元，分散于数十家小基金。Nystrom则反驳称，真正能投B轮的基金极少，大多数项目进入传统VC体系后已不算纯加密货币项目，且早期融资的“可获得性”远高于后期。双方虽未达成一致，但揭示出同一现实：表面资金充足，实则结构收紧——早期资金分散但竞争激烈，中后期资金集中却门槛极高。市场正从依赖叙事和流量转向更看重实际业务进展和长期增长能力。对VC意味着必须更谨慎出手，对创业者则需具备跨越长周期和高门槛的实力。

Odaily星球日报24分钟前

小佩佩币（$LILPEPE）为早期买家构建强劲投资案例，潜在回报高达50-100倍

小佩佩币（$LILPEPE）凭借预售阶段近2800万美元的强劲融资表现，正处第十三阶段（单价$0.0022）并向$0.0023过渡，早期投资者可能获得50倍至100倍回报潜力（目标价$0.11-$0.22）。项目通过Layer 2区块链技术实现零交易税、反机器人机制和质押功能，并设有 meme 启动平台及DAO治理机制增强生态实用性。目前通过$77,000抽奖奖励和贡献排名活动激励社区参与，但高回报仍取决于市场行情，属于高风险高收益型投资机会。

TheNewsCrypto30分钟前

小佩佩币（$LILPEPE）为早期买家构建强劲投资案例，潜在回报高达50-100倍

TheNewsCrypto30分钟前

X Money 上线前夜，Musk 先把裁判拆了

2025年2月7日，Elon Musk领导的“政府效率部”（DOGE）团队进入美国消费者金融保护局（CFPB）总部，并获得广泛数据访问权限。随后，CFPB资金被冻结、活动暂停，近90%员工面临解雇。此举发生在X宣布与Visa合作仅九天后，被视为Musk为旗下X Money支付系统上线扫清监管障碍的行动。与传统企业如Coinbase和PayPal耗时多年、耗资数亿美元进行合规申请和监管合作不同，Musk通过政治手段快速拆解监管框架。CFPB此前持有Apple、Google、PayPal等支付企业的核心商业数据和执法记录，DOGE的访问被指可能窃取竞争对手敏感信息，构成不公平优势。此外，美国稳定币监管法案GENIUS Act被指存在“豁免条款”，允许X等私人公司发行稳定币时规避部分审批，而Musk在法案制定期间担任总统高级顾问，引发利益冲突质疑。X Money提供6%年化收益，但其合作银行曾受处罚，且用户资金不受联邦存款保险保护。截至2026年4月，X Money已上线，而传统企业如Coinbase历时十三年才获国家信托公司批准。事件引发对监管公平性和规则效力的深刻质疑。

marsbit31分钟前

marsbit31分钟前

Coinlocally上线特斯拉、亚马逊、苹果等代币化股票交易对，并推出零手续费交易活动

加密货币交易平台Coinlocally宣布上线10种新的代币化股票交易对，并针对这些新交易对推出零手续费交易活动，活动持续至2026年5月14日。新上线的标的包括特斯拉、亚马逊、苹果、英伟达、Alphabet等知名公司股票对应的代币（如TSLAX、AMZNX等），用户可使用USDT进行交易。此举旨在为用户提供传统股票市场的区块链化投资渠道，同时保持平台原有的交易体验。代币化实物资产（RWA）目前市场规模已超过260亿美元，逐渐成为加密平台和传统金融市场共同关注的领域。 Coinlocally首席运营官Sam Baumann表示，零手续费政策是为了降低用户尝试门槛，扩大交易者覆盖范围。该平台目前支持超过600种数字资产，提供现货、杠杆、期货及P2P交易等多种服务，致力于连接传统金融市场与去中心化金融（DeFi）生态。用户可前往Coinlocally平台交易新版代币化股票并享受限时零手续费优惠。

TheNewsCrypto1小时前

交易

现货

合约