A major Trust Wallet security breach has sent shockwaves through the crypto community after millions of dollars in cryptocurrency were stolen from users following a compromised browser extension update. The incident has raised urgent questions about the safety of browser-based crypto wallets and the risks of supply-chain attacks.

The attack is linked to Trust Wallet Browser Extension version 2.68, released on December 24, 2025. Shortly after installing the update, users began reporting sudden and unexplained losses from their wallets. In many cases, funds disappeared within minutes, leaving victims with no opportunity to react.

On-chain investigators revealed the scale of the breach was far larger than initially believed. In just 26 transactions, attackers reportedly stole more than $10.6 million in cryptocurrency. The largest single loss involved 666 ETH, worth roughly $2 million at the time of the theft. Hundreds of users across multiple blockchains, including Ethereum, Bitcoin, and Solana, were affected.

Victims shared similar experiences across social media and crypto forums. Many said their wallets were drained immediately after importing a seed phrase into the Trust Wallet browser extension. Blockchain investigator ZachXBT observed that stolen funds were quickly moved across multiple addresses and chains, pointing to a highly automated exploit rather than isolated phishing scams.

Security researchers later discovered that the compromised update contained malicious JavaScript code disguised as a legitimate component. This code silently captured users’ seed phrases and transmitted them to the attacker. With full access to private keys, the attacker was able to transfer funds instantly without triggering warnings.

Trust Wallet confirmed the breach and urged users to disable the affected browser extension immediately. The company released version 2.69 to address the vulnerability and emphasized that only browser extension version 2.68 was affected. Users of the Trust Wallet mobile app were not impacted.

In a public response, Trust Wallet advised users to avoid entering seed phrases into browser extensions until the issue is fully resolved. Binance founder Changpeng Zhao also addressed the incident, stating that Trust Wallet would compensate users who lost funds and reassuring the community that victims would be reimbursed.

The incident highlights a growing threat facing the crypto industry. Browser extensions operate with elevated permissions and direct access to sensitive data, making them an increasingly attractive target for attackers. Supply-chain attacks, where trusted software updates are modified to include malicious code, are becoming more frequent and harder to detect.

For now, crypto users are urged to take extra precautions. Security experts recommend disabling affected extensions, upgrading only through official sources, and avoiding browser wallets for storing large amounts of cryptocurrency. Hardware wallets and mobile wallets are considered safer alternatives for long-term storage.

As investigations continue, the Trust Wallet hack serves as a stark reminder that even trusted crypto tools can become attack vectors overnight. In an ecosystem where users control their own keys, security mistakes can be costly — and often irreversible.