Malicious Trust Wallet Extension V2.68 Drains ~$7M — Company Pledges Full Refunds

Trust Wallet says roughly $7M affected after malicious update to browser extension v2.68 — refunds promised Trust Wallet has confirmed that about $7 million in funds were impacted by a security incident tied to its browser extension version 2.68. The company said the issue was limited to that single extension release and that mobile users and other extension versions were not affected. Trust Wallet has pledged to fully refund all impacted users and is finalising the remediation process. What happened - The incident came to light after blockchain investigator ZachXBT reported suspicious activity. Subsequent reporting indicated some wallets were drained soon after users imported seed phrases into the compromised extension. - Security-focused developers suggested the problematic behavior may have been introduced in a recent update, raising the possibility of a supply-chain compromise — though Trust Wallet has not disclosed technical details about the root cause. - In an update published December 26, Trust Wallet reiterated the impact was contained to Browser Extension v2.68 and confirmed the ~$7M figure. What Trust Wallet is doing - The company said supporting affected users is its “top priority” and that it will ensure all impacted users are refunded. It is actively finalising the refund process and will provide instructions to affected users shortly. - Trust Wallet urged users running v2.68 to disable the extension immediately, avoid opening it, and manually update to the secure release, v2.69. - The firm also warned users to ignore messages or instructions from unofficial channels, noting attackers may attempt secondary scams that exploit the situation. - Investigation into the incident is ongoing; Trust Wallet says it will continue to provide updates as more information becomes available. Why this matters - The episode highlights persistent risks with browser extensions and the broader supply-chain problem in crypto software — where a single compromised update can expose many users at once. - Even though the impact appears contained to one extension version, the event is being treated as one of the more significant wallet-related security incidents disclosed during the year-end period. If you use Trust Wallet’s browser extension - If you run Browser Extension v2.68: disable the extension via Chrome’s extension settings, do not open it, and update manually to v2.69. - If you use the Trust Wallet mobile app or any other extension version: you are not reported to be affected, but remain vigilant for phishing or scam attempts. Disclaimer: This article is informational and not investment advice. Cryptocurrency trading and custody carry risk; readers should perform their own research before making financial decisions. Read more AI-generated news on: undefined/news