Trust Wallet Issues Update on Browser Extension v2.68 Hack
- Trust Wallet gives update on v2.68 breach after malicious extension drained $8.5M.
- 2,520 wallets affected; reimbursements planned with strict ownership verification.
- Trust Wallet rolled back v2.69, reset the credentials, tightened release security.
Trust Wallet has issued a detailed update after a malicious browser extension compromised user wallets. The update follows an unauthorized Trust Wallet Browser Extension v2.68 release on the Chrome Web Store. The incident occurred between December 24 and December 26, 2025, after attackers exploited leaked publishing credentials.
What Trust Wallet Confirmed in Its Latest Update
According to Trust Wallet, attackers published a tampered version of Browser Extension v2.68. Notably, the release bypassed Trust Wallet’s internal approval and review process. The attacker used a leaked Chrome Web Store API key to publish the extension externally.
Trust Wallet said the malicious extension allowed access to sensitive wallet data. As a result, attackers executed transactions without user authorization once wallets were opened. However, Trust Wallet stressed the incident only affected users who logged in during the specified window.
The company stated it has high confidence the incident links to the November 2025 Sha1-Hulud attack. That industry-wide supply chain breach compromised npm packages used across multiple sectors. During that incident, Trust Wallet’s developer GitHub secrets were exposed.
Those leaked secrets reportedly included extension source code access and publishing credentials. Using that access, attackers prepared a modified build based on earlier extension code. The build referenced attacker-controlled domains designed to collect wallet data.
Scope of Impact and Wallets Identified
Trust Wallet’s update clarified the scope of affected users. Only Browser Extension v2.68 users who logged in between December 24 and December 26 were impacted. However, users who logged in after December 26 at 11:00 UTC remained unaffected.
Notably, Trust Wallet confirmed that mobile app users were not impacted. Other browser extension versions also remained unaffected during the incident period. Users without a security banner on the extension do not face exposure, according to the update.
Trust Wallet identified 2,520 wallet addresses drained during the incident. The stolen assets totaled approximately $8.5 million across multiple blockchains. Investigators linked those losses to 17 wallet addresses controlled by the attacker.
However, Trust Wallet noted those attacker addresses also drained non-Trust Wallet users. As a result, investigators continue tracking additional wallets outside the confirmed list. Updated figures will follow once verification completes, according to the company.
Related: Coinbase Impersonation Scams Expose Crypto Enforcement Gaps
Response Measures, Reimbursement and Ongoing Work
Trust Wallet’s update outlined immediate response actions following detection. The company rolled back the extension and released a clean version labeled v2.69. At the same time, Trust Wallet disabled publishing credentials and restricted deployment access.
Notably, the response included coordination with blockchain analytics partners and researchers. Investigators 0xAkinator and ZachXBT helped flag suspicious wallet activity early. White-hat researchers also disrupted attacker infrastructure through temporary domain attacks.
Trust Wallet confirmed it will reimburse affected users voluntarily. The company has already identified 2,520 verified wallets eligible for reimbursement. However, Trust Wallet reported receiving over 5,000 claims, raising verification concerns.
As a result, Trust Wallet emphasized strict ownership verification to prevent fraud. The process combines multiple data points and manual case reviews. Claim processing times vary, depending on verification complexity.
Trust Wallet also announced development of a verification tool in Browser Extension v2.70. The tool will provide affected users with an additional validation element. Meanwhile, affected users were advised to move funds to newly created wallets.
The update also detailed ongoing security improvements across release systems. These include tighter access controls, enhanced monitoring, and credential rotation. Trust Wallet stated investigations remain active and updates will continue through official channels.
Meanwhile, Trust Wallet’s update confirms how the breach occurred and who was affected. The company outlined containment steps, reimbursement plans and verification challenges. Investigations into the supply chain attack remain ongoing as updates continue.
