Trust Wallet to Cover $7M Lost in Christmas Day Exploit

Trust Wallet will reimburse approximately $7 million lost by users in an exploit executed on Christmas Day, according to a Friday post on X by Changpeng Zhao, co-founder of Binance, which owns the wallet. The incident involved the Trust Wallet browser extension and appears to have been prepared since early December, based on analysis from cybersecurity firm SlowMist.

Trust Wallet stated in a Thursday post on X that its browser extension version 2.68 experienced a security compromise affecting desktop users and advised upgrading to version 2.89.

SlowMist reported that a malicious version of the extension exported users’ personal data to a server controlled by the attacker, indicating possible insider involvement.

Personal wallet compromises represented 37% of the total value stolen in 2025 when excluding the $1.4 billion Bybit hack in February, according to Chainalysis.

Crypto hack volume over time, personal wallet hack proportion with 2025 adjustment scenario for the Bybit hack. Source: Chainalysis.com

The $7 million loss is smaller than several major wallet incidents. In February 2024, Jeff Zirlin, co-founder of the play-to-earn game Axie Infinity, lost $9.7 million in Ether (ETH) in a suspected wallet compromise.

Industry flags potential insider involvement following Trust Wallet exploit

Yu Xian, co-founder of SlowMist, said in a Friday post on X that the attackers began preparing at least by Dec. 8, implanted a backdoor on Dec. 22, and started moving funds on Dec. 25, when the activity was detected. The backdoor code also harvested users’ personal information, which was transmitted to the attacker’s server.

Onchain investigator ZachXBT said “hundreds” of Trust Wallet users were impacted.

Source: Cos

Some industry observers highlighted potential insider participation, noting that the attacker submitted a new version of the Trust Wallet extension on the official website. Intergovernmental blockchain adviser Anndy Lian said the likelihood of insider involvement was high. Zhao also said the exploit was “most likely” an insider incident. SlowMist’s Xian added that the attacker appeared highly familiar with the extension’s source code, enabling the insertion of the backdoor to collect sensitive user data.

Trust Wallet, which says it serves 220 million users, is owned by Binance. Zhao said the affected funds will be covered, and users were urged to update to version 2.89 of the browser extension.

Stay informed, read the latest news right now!

Disclaimer

The content on TrustsCrypto.com is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are highly volatile, always do your own research before making decisions.

Some content may be assisted by AI and reviewed by our editorial team, but accuracy is not guaranteed. TrustsCrypto.com is not responsible for any losses resulting from the use of information provided.

admin

USR Depegs; Nevada Blocks Kalshi; Brazil Pauses Crypto Tax

USR Depegs; Nevada Blocks Kalshi; Brazil Pauses Crypto Tax

Hong Kong retiree loses $840K in triple crypto expert scam

Hong Kong retiree loses $840K in triple crypto expert scam

Satoshi-era Bitcoin whale makes test transaction after 14 years

Satoshi-era Bitcoin whale makes test transaction after 14 years

Hashi launches on Sui for Bitcoin lending with BitGo, FalconX

Hashi launches on Sui for Bitcoin lending with BitGo, FalconX

ECB opens digital euro work on ATMs and payment terminals

ECB opens digital euro work on ATMs and payment terminals

ECB opens digital euro workstreams for ATMs and terminals

ECB opens digital euro workstreams for ATMs and terminals

Leave a Reply

Your email address will not be published. Required fields are marked *