{“lastseen”:”2025-12-26T15:52:59″,”description”:”\\n\\nTrust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a \\”security incident\\” that led to the loss of approximately $7 million.\\n\\nThe issue, the multi\u2011chain, non\u2011custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to update to version 2.69 as soon as possible.\\n\\n\\”We’ve confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded,\\” Trust Wallet said in a post on X. \\”Supporting affected users is our top priority, and we are actively finalizing the process to refund the impacted users.\\”\\n\\nTrust Wallet is also urging users to refrain from interacting with any messages that do not come from its official channels. Mobile-only users and all other browser extension versions are not affected.\\n\\n\\n\\nAccording to details shared by SlowMist, version 2.68 introduced malicious code that’s designed to iterate through all wallets stored in the extension and trigger a mnemonic phrase request for each wallet.\\n\\n\\”The encrypted mnemonic is then decrypted using the password or passkeyPassword entered during wallet unlock,\\” the blockchain security firm said. \\”Once decrypted, the mnemonic phrase is sent to the attacker’s server api.metrics-trustwallet[.]com.\\”\\n\\nThe domain \\”metrics-trustwallet[.]com\\” was registered on December 8, 2025, with the first request to \\”api.metrics-trustwallet[.]com\\” commencing on December 21, 2025.\\n\\nFurther analysis has revealed that the attacker has leveraged an open\u2011source full\u2011chain analytics library named posthog-js to harvest wallet user information.\\n\\nThe digital assets drained so far include about $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum. The stolen funds have been moved through centralized exchanges and cross-chain bridges for laundering and swapping. According to an update shared by blockchain investigator ZachXBT, the incident has claimed hundreds of victims.\\n\\n\\”While ~$2.8 million of the stolen funds remain in the hacker’s wallets (Bitcoin\/ EVM\/ Solana), the bulk \u2013 \\u003e$4M in cryptos \u2013 has been sent to CEXs [centralized exchanges]: ~$3.3 million to ChangeNOW, ~$340,000 to FixedFloat, and ~$447,000 to KuCoin,\\” PeckShield said.\\n\\n\\”This backdoor incident originated from malicious source code modification within the internal Trust Wallet extension codebase (analytics logic), rather than an injected compromised third\u2011party dependency (e.g., malicious npm package),\\” SlowMist said.\\n\\n\\n\\n\\”The attacker directly tampered with the application’s own code, then leveraged the legitimate PostHog analytics library as the data\u2011exfiltration channel, redirecting analytic traffic to an attacker\u2011controlled server.\\”\\n\\nThe company said there is a possibility that it’s the work of a nation-state actor, adding the attackers may have gained control of Trust Wallet\u2011related developer devices or obtained deployment permissions prior to December 8, 2025.\\n\\nChangpeng Zhao, a co-founder of crypto exchange Binance, which owns the utility, hinted that the exploit was \\”most likely\\” carried out by an insider, although no further evidence was provided to support the theory.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-12-26T15:31:00″,”modified”:”2025-12-26T15:45:39″,”type”:”thn”,”title”:”Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code”,”source”:””,”references”:””,”id”:”THN:B39444ED0FFC8030D8D1CD3066320402″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/12\/trust-wallet-chrome-extension-bug.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-26T15:52:59″,”description”:”\\n\\nTrust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a \\”security incident\\” that led…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-32920","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n