Chrome Extension Scam Drains $7M from Trust Wallet Users
Trust Wallet users lose $7 million to hacked Chrome extension
Trust Wallet said users lost roughly $7 million after attackers compromised a version of its Google Chrome browser extension, draining funds shortly after victims imported their recovery phrases.
The incident surfaced on Dec. 25, when users began reporting on X that their wallets had been emptied soon after entering seed phrases into the extension. Binance founder Changpeng Zhao (CZ), who owns Trust Wallet, later said losses had reached approximately $7 million.
In its official statement, Trust Wallet put the net sum of losses at $7 million (equivalent) and said it has released an updated browser extension build, v2.69.0, following the incident tied to version 2.68.
According to Trust Wallet and CZ’s public comments, the breach was linked to a compromised extension update, described as a supply-chain hack, that enabled attackers to extract seed phrases. The stolen assets were taken across Bitcoin, Solana, and EVM networks, with reports citing losses in tokens including BTC, ETH, USDC, and BNB.
CZ said Trust Wallet plans to cover the losses and emphasized that user funds remain “SAFU,” using the industry term commonly associated with Binance’s protection mechanisms. He added that the team is continuing to investigate how a compromised version was submitted and distributed via the Chrome extension channel.
Trust Wallet also said the issue was confined to the affected browser extension version, and that other platforms were not impacted.
The incident is the latest reminder of the security risks tied to browser extensions in crypto, where a single compromised update can expose recovery phrases and allow attackers to drain wallets quickly—especially in self-custody setups where transactions are irreversible once signed and broadcast.
