Christmas 2025 will remain etched in the memory of Trust Wallet users not because of the festivities, but because of a serious security incident that led to the theft of some $7 million in cryptocurrency.
The company has officially acknowledged the flaw, urgently pushing the release of version 2.69 of the Chrome browser extension to stem the damage caused by the previous release, 2.68.
The dynamics of the attack: a bitter gift
It all started on 24 December, when the 2.68 update of the Chrome extension was released. Shortly after the rollout, security researchers and users began reporting unauthorised transactions and completely emptied wallets.
According to what reported by BleepingComputer, the greatest risk affected anyone who imported or entered their seed-phrase while the compromised version was active.
Experts analysing the software package identified suspicious logic within a JavaScript file, with references to a file named '4482.js'. This script would have been designed to secretly transmit private keys to an external host, allowing attackers to take total control of the funds.
The extent of the damage and the company's response
Although the Chrome Web Store listing indicates about 1,000,000 users for the extension, the actual exposure is limited to those who interacted with version 2.68 in the few hours it was online.
Initial estimates spoke of losses of between $6 million and $7 million, a figure later confirmed by Trust Wallet itself in an official statement on X (formerly Twitter).
Update on the Trust Wallet Browser Extension (v2.68) incident:
- Trust Wallet (@TrustWallet) December 26, 2025
We've confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded.
Supporting affected users is our top priority, and we are actively finalizing the process to refund the... https://t.co/2XRx8GvZ75
The company also pointed out that mobile and previous versions of the extension were not affected by the problem.
Security Instructions: upgrade or migrate?
For users, it is crucial to distinguish between upgrading software and reclaiming their wallet. Upgrading to version 2.69 removes the malicious behaviour from the browser, but does not protect assets if the seed phrase has already been intercepted.
The necessary steps for securing include:
- Disable version 2.68 immediately.
- Upgrade to 2.69 via the official store.
- Create a new wallet with a new seed phrase and transfer funds to it if a compromise is suspected.
- Revoke approvals of token suspicions.
Markets and residual risks
Despite the severity of the incident, the native token Trust Wallet Token (TWT) showed some resilience. After an intraday low of $0.767, the price stabilised around $0.834, marking a slight increase of 0.02% from the previous close.
However, the danger is not entirely over. Numerous fraudulent websites have been spotted promising 'quick fixes' or immediate refunds to induce users to hand over their access keys again.
Trust Wallet has urged caution, recommending that only official communication channels be followed during the refund process.
