Trust Wallet Users Lost $7 Million in Cryptocurrency Due to Hack

RBK-crypto发布于2025-12-26更新于2025-12-26

文章摘要

On December 26, the team behind Trust Wallet, a popular cryptocurrency wallet owned by Binance, reported a security breach affecting the browser extension version 2.68. According to Binance founder Changpeng Zhao, the incident was the result of a hack, resulting in losses of approximately $7 million. Users of the compromised version were advised to disable or uninstall it and upgrade to the secure version 2.69. The breach did not impact the mobile application. Trust Wallet's native token (TWT) initially dropped around 7% in price but recovered after the official announcement. Zhao stated that Trust Wallet would cover all user losses and urged affected individuals to contact support. Although no official cause was confirmed, reports suggest that version 2.68 contained hidden malicious code that intercepted users' secret recovery phrases during wallet imports, sending them to an external server. This allowed attackers to gain full access to affected wallets. Some community members, including Zhao, suspect the breach may have been an inside job involving a team member.

On the night of December 26, the team of the popular cryptocurrency wallet Trust Wallet reported a security breach that affected the browser application version 2.68. As explained by Binance founder and head of YZi Labs, which owns Trust Wallet, Changpeng Zhao, the incident occurred as a result of a hacker attack, and the damage amounted to $7 million.

Users of version 2.68 should disable or delete this build and only then install the new version 2.69, and under no circumstances should they open or use the unsafe version. The hack only concerns the browser version 2.68 and did not affect the mobile application.

The native token of Trust Wallet (TWT) reacted with a price drop of about 7%, falling for three hours before the team's announcement around 01:20 Moscow time on December 26. After the official announcement, the TWT price recovered to previous levels and the asset is trading slightly below $0.83.

Zhao stated that Trust Wallet will cover all user losses, and affected users were asked to write to the wallet's support service, a link to which can be found on the official website.

No official statements have been made regarding the causes of the hack. But its essence, according to a report by user Akinator on social network X, may be that a hidden malicious code was embedded in version 2.68 of the Trust Wallet browser extension. Akinator was one of the few who reported the hack several hours before the official confirmation from Trust Wallet.

The assumption is that when a user enters their secret phrase to import a wallet, this code stealthily intercepts the data and sends it to an external server. In this way, the attackers could gain full access to the users' wallets and funds.

The crypto community believes that the malicious code was embedded by someone from the cryptocurrency wallet team. In response to a suggestion by X user under the nickname Crazino.eth that the hack was "certainly carried out by an insider working in the team," Zhao replied "probably."

Broke the cycle. How the price of Bitcoin changed over 10 years at Christmas

AI outperformed humans in a crypto trading tournament. What were the results

Miner "capitulation" called a bullish factor for Bitcoin. Why

相关问答

QWhat was the total amount of cryptocurrency lost by Trust Wallet due to the hack?

AUsers lost $7 million in cryptocurrency due to the hack.

QWhich specific version of the Trust Wallet application was compromised in the security breach?

AThe security breach affected the browser application version 2.68.

QWhat was the impact on Trust Wallet's native token (TWT) price following the incident?

AThe native token TWT initially dropped by approximately 7% but recovered to its previous levels after the official announcement, trading slightly below $0.83.

QAccording to the article, how did the alleged malware in version 2.68 potentially steal user funds?

AThe hidden malicious code allegedly intercepted a user's secret recovery phrase during wallet import and sent it to an external server, giving attackers full access to the wallets and funds.

QWho did the crypto community and Binance's Changpeng Zhao suggest might be responsible for the hack?

AThe crypto community and Changpeng Zhao suggested that the hack was likely carried out by an insider within the Trust Wallet team.

你可能也喜欢

小红书的第二次大航海,这次驶向AI

2022年底ChatGPT问世后,小红书创始人毛文超开始警惕AI可能带来的颠覆。尽管他认为小红书积累的真人生活经验构成护城河,但面对AI将信息直接转化为答案的趋势,公司仍感不安。 2026年,小红书加速AI布局:成立AI一级部门Dots,上线让笔记经验转化为可调用工具的RED Skill,收购AI搜索产品点点,并投资多家AI公司与硬件初创企业。其核心是将平台积累的几亿用户真实生活经验——从购物攻略到装修避坑——转化为AI可处理的结构,再做成可用的工具与服务。 小红书面临两难:既要利用AI高效整合信息,又需防止机器生成的“伪经验”稀释其立足之本——真人真实的“我试过”。为此,平台出台AI内容标注与治理规则,强调守护真实。 商业化方面,小红书通过AIPS模型追踪种草到交易的链路,并获取支付牌照以闭环交易。它试图从下游的经验沉淀,向上游延伸至未被明确表达的潜在需求。 文章最后提及小红书计划赴港IPO。但其真正的挑战在于:如何在AI时代,既让机器变得更聪明,又始终留住那些分享真实经验的用户与寻求建议的人。这决定了公司能否长久。

marsbit13分钟前

小红书的第二次大航海,这次驶向AI

marsbit13分钟前

SharpLink CEO:如何理解以太坊开发者刚刚突破 100 万?

作者Joseph Chalom从亚洲之行中感受到以太坊生态的活力与建设者的雄心。他指出,Electric Capital数据显示以太坊历史开发者总数已突破100万,其中约23.2万人在过去一年保持活跃,这是加密领域最大的技术人才库。 Chalom认为,加密领域的核心问题并非哪条链最快,而是顶尖建设者选择在哪里长期建设。以太坊的显著优势源于十年积累的制度、文化、经济和生态结构,使其成为可编程金融和互联网原生资本形成的默认操作系统。 这百万建设者正致力于解决行业最难的问题:核心协议的可扩展性、隐私、抗量子能力及智能体系统。例如,2026年预计进行的Glamsterdam升级将在不破坏核心原则下提升性能;同步可组合性技术让众多Rollup能像一条链般运作;以太坊在抗量子准备上也处于明显领先地位。 以太坊的深层护城河在于开发者聚集产生的复利效应,以及由此强化的可组合性、共享标准(如EVM和Solidity)和信任。其可信中立性(由超90万验证者保障)、模块化架构(如Base、Arbitrum等Rollup)以及吸引顶尖研究人员的文化,共同巩固了其作为大型机构首选互联网原生金融协调层的地位。Chalom坚信,以太坊的生态系统优势及其汇聚的人才,将持续推动下一代金融基础设施的变革。

marsbit24分钟前

SharpLink CEO:如何理解以太坊开发者刚刚突破 100 万?

marsbit24分钟前

SharpLink CEO:如何理解以太坊开发者刚刚突破 100 万?

SharpLink CEO分享了其对以太坊开发者总数突破100万的见解。根据Electric Capital数据,以太坊历史开发者总数已达1,012,824人,其中约23.2万人在过去一年保持活跃,构成了加密领域最庞大的技术人才库。 作者认为,加密领域的核心竞争并非单纯追求速度与低费用,而是顶尖建设者的选择。以太坊凭借十年积累的制度、文化、经济与生态结构,形成了难以复制的综合优势,已成为可编程金融和互联网原生资本的默认操作系统。 这百万开发者正致力于攻克行业最前沿的挑战:通过预计2026年的Glamsterdam升级提升核心协议可扩展性;通过同步可组合性技术让众多Rollup如一条链般协同工作;以及积极布局抗量子能力,以太坊基金会已成立专门团队推进,目标是2029年前完成迁移。 更深层的护城河在于网络效应:以太坊的可组合性让应用像乐高积木一样互操作,EVM和Solidity技能在数百个网络中通用,形成了“更多开发者→更多工具与流动性→更多应用”的飞轮。此外,由超90万验证者保障的可信中立性、模块化扩展架构以及顶尖的研究与文化氛围,共同巩固了其作为大型机构首选信任层的地位。 作者在访问亚洲以太坊社区后强调,以太坊的竞争优势在于汇聚了改变未来金融的建设者,其生态不仅是链上活跃,更在成为互联网原生金融的长期协调层。

链捕手28分钟前

SharpLink CEO:如何理解以太坊开发者刚刚突破 100 万?

链捕手28分钟前

一把中国土,卡死日本两大巨头

两家日本企业关东电化和中央硝子曾主导全球高端六氟化钨(芯片制造关键材料)近四分之一产能,但其生产依赖从中国进口的6N级高纯度钨粉。2026年初,中国对日本钨粉出口归零,导致两家日企原料断供。尽管尝试寻找替代来源,但价格昂贵数倍且纯度不达标,最终于7月1日宣布永久停产。 六氟化钨是制造AI芯片所需HBM内存的关键材料,其高纯度依赖6N级钨粉。日本企业长期从中国稳定采购低价钨粉进行深加工,却忽视了这一供应链风险。中国通过数十年技术攻坚,由厦门钨业、中钨高新等企业攻克了钨钼分离等难题,实现了高纯钨粉的自主量产。 断供后,三星、SK海力士等韩国半导体巨头面临库存危机,转而加速认证并采购中国六氟化钨产品。这一转变标志着中国在高纯度材料领域实现了从底层原料到高端产品的全产业链突破。

marsbit59分钟前

一把中国土,卡死日本两大巨头

marsbit59分钟前

从身份协议到AI入口,World的野心有多大?

近期,加密市场中的WLD成为焦点,其价格持续上涨,市值突破30亿美元。这一热度源于World项目正式进入“The Simple Plan”第三阶段,其发展逻辑正从早期的代币激励转向实用驱动。World的核心目标是构建全球“人格证明”网络,通过扫描虹膜的World ID解决互联网中验证真实人类身份的关键问题。随着生成式AI爆发,区分真人与AI变得日益紧迫。 World的落地场景正在拓宽,覆盖企业端、个人端及AI Agent端。企业方面,与Zoom等公司合作应对深度伪造;个人层面,瞄准社交与票务等场景的真人验证需求;AI Agent端则推出AgentKit,旨在建立人与AI间的可信授权框架,为未来AI经济奠定信任基础。 市场上涨背后是对“真人身份”稀缺价值的重估。在AI内容成本趋近零的未来,真人身份与行为可能成为稀缺资源。World的运营策略也更聚焦,资源集中于高价值城市以构建网络效应,同时下一代Orb设备将实现自助化以降低扩张成本。 宏观来看,World可能推动加密叙事从金融扩展到身份基础设施,身份或成为可组合资产。它也有望成为AI Agent经济的关键入口,解决Agent归属、可信与验证问题。World ID 4.0引入的费用机制开启了协议的收入来源,使其商业模式更趋清晰。 总之,WLD的上涨反映了市场对World在AI时代定位的认可——其野心是成为验证人类身份的关键入口。随着AI与人的界限模糊,掌握人格证明网络可能意味着掌握下一代互联网的重要枢纽。

marsbit1小时前

从身份协议到AI入口,World的野心有多大?

marsbit1小时前

交易

现货
合约
活动图片

热门分类right-arrow

热门标签right-arrow