Trust Wallet users lost about $7 million in a Christmas Day exploit that had been planned since early December.
Trust Wallet’s browser extension version 2.68 was compromised by a security incident impacting desktop users, Trust Wallet said in a Thursday X ; it advised users to upgrade to version 2.89.
Changpeng Zhao, co-founder of Binance, which owns the cryptocurrency wallet that claims to serve 220 million users, said in a Friday X that the lost funds will be covered.
Cryptocurrency wallet exploits have been an increasing threat to digital asset investors. Personal wallet compromises accounted for 37% of the value stolen in 2025, if the $1.4 billion Bybit hack in February is excluded, to Chainalysis.
Still, the $7 million Trust Wallet exploit pales in comparison to some of the biggest wallet hacks. In February 2024, the co-founder of play-to-earn game Axie Infinity, Jeff Zirlin, worth of Ether () to a suspected wallet exploit.
Related:
The orchestrators of the attack on Trust Wallet had been preparing the exploit as early as Dec. 8, wrote Yu Xian, co-founder of blockchain security firm SlowMist, in a Friday X . A machine translation of his post read:
“The attacker started preparations at least on [Dec. 8], successfully implanted the backdoor on [Dec. 22], began transferring funds on [Christmas Day], and thus was discovered.”
The backdoor code was also collecting users’ personal information, which was sent to the attacker’s server.
According to onchain detective ZachXBT, “hundreds” of Trust Wallet users were .
Some industry watchers pointed to signs of potential insider activity from the exploit, as the attacker was able to submit a new version of the Trust Wallet extension on the website.
“This kind of ‘hack’ is not natural. The chances of insider is high,” intergovernmental blockchain adviser Anndy Lian wrote in a Friday X .
Related:
Zhao that the exploit was “most likely” an insider.
SlowMist’s Xian also that the attacker was “very familiar with the Trust Wallet extension’s source code,” which enabled them to implement the backdoor code necessary to collect sensitive user information.
Magazine:
