Particle.news
Download on the App Store
26 ARTICLES
·
5d ago

Trust Wallet Chrome Extension v2.68 Breach Drains $7 Million as CZ Promises Repayment

A rapid update to v2.69 follows reports of seed-stealing code, with investigators examining how a tainted build reached the Chrome Web Store.

ZachXBT flags suspected Trust Wallet extension issue as users report drained funds
Trust Wallet confirms $7M impact from browser extension incident, promises full user refunds
A man holds open an empty leather wallet. (Andrew Khoroshavin/Pixabay)
Image

Overview

  • Trust Wallet confirmed the incident was limited to Chrome extension version 2.68 and urged users to disable it and update to version 2.69, noting that mobile and other extension versions were not affected.
  • On‑chain analysts estimate roughly $6–7 million was stolen, with traces showing transfers to services including KuCoin, HTX, ChangeNOW, and FixedFloat as portions remain in attacker wallets.
  • The issue surfaced after a December 24 extension update, and on‑chain investigator ZachXBT flagged waves of immediate drains reported by users on December 25.
  • Security researchers identified suspicious logic in a bundled file (4482.js) that appeared to exfiltrate sensitive data to api.metrics-trustwallet[.]com, and opportunistic phishing sites such as fix-trustwallet[.]com also emerged.
  • Changpeng Zhao said Trust Wallet will reimburse affected users, while the team investigates whether the malicious release stemmed from a supply‑chain compromise or insider involvement.