TrustWallet Chrome Extension Hacked \u2013 Users Reporting Millions in Losses
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Many Trust Wallet users saw their wallets drained of over $7 million after a security breach in the Chrome browser extension version 2.68.0, released on December 24, 2025.<\/p>\n
Blockchain investigator ZachXBT first flagged<\/a> the incident on X, noting a surge in unauthorized outflows from affected addresses shortly after users interacted with the extension.\u200b<\/p>\n Reports emerged on Christmas Eve, with victims sharing screenshots of emptied portfolios, including significant holdings in ETH, BTC, SOL, and BNB.<\/p>\n One user claimed a $300,000 loss in minutes after simple authorization, with transactions funneled to multiple attacker-controlled addresses. PeckShield estimated initial losses at $6 million; Trust Wallet later confirmed approximately $7 million across hundreds of wallets.\u200b<\/p>\n The attack coincided with the Chrome Web Store extension update, affecting desktop users but sparing the mobile app. Security firm SlowMist issued an alert, describing a potential\u00a0supply-chain\u00a0compromise<\/a> in which malicious code was injected upstream.\u200b<\/p>\n Researchers examined a compromised bundle and found a JavaScript file named 4482.js that was masquerading as PostHog analytics. The obfuscated script activated on seed phrase import, silently exfiltrating sensitive wallet data, including recovery phrases, to api.metrics-trustwallet.com, a domain registered days earlier and mimicking official branding.<\/p>\nMalicious Code Exposed<\/strong><\/h2>\n