Trust Wallet Opens Claims Process After $7M Chrome Extension Hack


What Happened With Trust Wallet’s Chrome Extension?
Trust Wallet has opened a formal claims process for users affected by a security breach tied to version 2.68 of its Chrome browser extension, after malicious code embedded in the update drained funds from hundreds of wallets. The company confirmed that roughly $7 million in digital assets were stolen across multiple blockchains, including BTC, ether, and solana.
The incident was detected days after the compromised update was released. Trust Wallet pushed a fix in version 2.69 on Dec. 25 and said users who logged into the extension before Dec. 26 at 11:00 a.m. UTC were potentially exposed. and those using other browser versions were not affected.
According to Trust Wallet, attackers exploited a leaked Chrome Web Store API key to publish the malicious update on Dec. 24 at 12:32 p.m. UTC. The key allowed the attackers to bypass the company’s internal release checks and distribute the compromised version directly through the official Chrome Web Store.
How Is Trust Wallet Handling Compensation?
Trust Wallet said affected users can now submit claims through an official support form on its website. Claimants are asked to provide their email address, country of residence, compromised wallet addresses, the attacker’s receiving addresses, and transaction hashes linked to the theft. The company said the information is required to verify claims and prevent further abuse.
“We are working around the clock to finalize the compensation process details and each case requires careful verification to ensure accuracy and security,” Trust Wallet wrote on X. The company said it intends to reimburse all users impacted by the breach.
Changpeng Zhao, founder of Binance, which acquired Trust Wallet in 2018, also addressed the incident publicly. “So far, $7m affected by this hack. TrustWallet will cover,” Zhao wrote on X, adding that user funds “are SAFU.”
Alongside the claims process, Trust Wallet warned users to remain alert for fake compensation forms and impersonation attempts circulating after the breach. The company said it will only communicate through official channels and urged users not to share recovery phrases or under any circumstances.
What Do Investigators Say About the Stolen Funds?
reported that more than $4 million of the stolen assets had already been routed through centralized platforms, including ChangeNOW, FixedFloat, and KuCoin. As of Thursday, roughly $2.8 million remained in wallets controlled by the attacker.
The breach first came to broader attention after onchain investigator ZachXBT issued an alert on Telegram on Christmas Day. He said multiple Trust Wallet users reported having funds drained shortly after installing the Dec. 24 update. The timing pointed early suspicion toward the extension itself rather than user-side phishing.
Further analysis by security firm SlowMist found that the malicious code was designed to harvest wallet . Attackers achieved this by modifying an open-source analytics library embedded in the extension, allowing sensitive data to be exfiltrated without obvious user interaction.
Why Does This Incident Matter for Wallet Security?
Trust Wallet’s Chrome extension has about one million users, according to its Web Store listing, making the breach one of the more notable wallet-related incidents tied to browser extensions in recent years. While the company acted rapidly to push a fix and commit to reimbursement, the episode highlights persistent weaknesses in extension distribution and update mechanisms.
Unlike direct campaigns, this incident stemmed from compromised developer credentials. That allowed attackers to deliver malicious code through official channels, eroding the assumption that updates from trusted sources are inherently secure.
The case also adds to a growing list of incidents where browser-based wallets and extensions become targets as crypto usage spreads beyond early adopters. Security teams now face pressure to harden not just code, but every layer of the release and distribution pipeline.






