Users of Trust Wallet reported losses exceeding $7 million after a compromised update to the wallet’s Chrome browser extension allowed attackers to drain funds from affected addresses. The incident occurred shortly after the release of extension version 2.68, prompting multiple community alerts and onchain investigations. The wallet provider later confirmed the breach and advised users to immediately stop using the impacted version. Mobile users and those running other browser versions were not affected. The attack highlights the ongoing risks associated with browser based crypto wallets, where compromised updates or malicious code can expose private keys and authorize unauthorized transfers. As wallet software increasingly becomes a critical access point to digital assets, even short windows of exposure can result in significant financial losses for users.
The breach was first flagged by independent blockchain investigator ZachXBT, who warned that multiple wallets were being drained within hours of the update being pushed live. Trust Wallet later acknowledged the issue and released version 2.69 to address the vulnerability, urging users to upgrade immediately. Changpeng Zhao, co founder of Binance, which owns Trust Wallet, stated that affected users would be reimbursed for their losses. While the exact technical root cause has not been fully detailed, the incident underscores how attackers continue to target wallet infrastructure rather than exchanges, exploiting weaker endpoints in the crypto ecosystem.
The event comes amid a broader rise in crypto related theft, as attackers increasingly focus on individual users rather than centralized platforms. Industry data shows a sharp increase in personal wallet compromises over the past year, even as exchanges have strengthened security controls. Browser extensions remain a popular target due to their widespread use and deep access permissions. Security experts continue to advise users to limit wallet exposure, verify updates carefully, and use hardware wallets or multi layer protections where possible. As self custody adoption grows, incidents like this reinforce the importance of rigorous software review and rapid response processes to protect users from evolving attack vectors.
