On-Chain Detective ZachXBT Sounds Alarm: Trust Wallet Confirms Extension Vulnerability Leading to Millions of Dollars Stolen

In just a few hours, funds from hundreds of wallets were abnormally transferred due to a vulnerability in the Trust Wallet Chrome extension, resulting in losses of at least $6 million. Attackers embedded PostHog JS scripts to collect user wallet information, and the fix has not fully addressed this risk.

In 2025, Web3 security losses are estimated to reach approximately $3.35 billion, with attack incidents showing a trend of “fewer events but larger single-loss amounts.”

01 Incident Outbreak

Trust Wallet is a mainstream non-custodial crypto wallet with approximately 17 million monthly active users and about 35% market share, so this security incident has a wide impact.

After the attack, on-chain detective ZachXBT monitored and disclosed the incident. Hundreds of Trust Wallet users reported that their wallet addresses experienced abnormal fund transfers in the past few hours.

More concerning, security experts point out that even upgrading to the patched version does not eliminate the risk entirely, because the fix did not remove the problematic PostHog JS.

02 Nature of the Vulnerability

A typical supply chain attack. According to SlowMist security experts, the core of this vulnerability lies in attackers embedding malicious code into the extension through technical means. The attacker must be very familiar with the wallet’s extension source code to carry out such an attack.

Long-term security risks of plugin wallets. This is not Trust Wallet’s first security incident. In November 2022, its browser extension was found to have a WebAssembly vulnerability, leading to approximately $170,000 stolen.

Limitations of official patches. Although Trust Wallet released a fix, security experts point out that risks still remain. This highlights the complexity and delays involved in patching plugin wallets.
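An added example, not from the original article or from Trust Wallet: one way to check whether an unpacked copy of a browser extension still bundles PostHog JS, the concern raised above about the patched version. The sample extension, its version, and the `collector.example.invalid` host are constructed for illustration; `api_host` is the posthog-js option that names the server receiving captured events.

```python
import json
import re
import tempfile
from pathlib import Path

# Heuristics: the SDK name survives minification as a string literal; api_host is
# the posthog-js option naming the server that receives captured events.
SDK_NAME = re.compile(r"posthog", re.IGNORECASE)
API_HOST = re.compile(r"""api_host["']?\s*:\s*["'](https?://[^"'/]+)""")


def audit_extension(ext_dir):
    """Return the manifest version and every script that references PostHog."""
    root = Path(ext_dir)
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    findings = []
    for path in sorted(root.rglob("*.js")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if not SDK_NAME.search(text):
            continue
        findings.append({
            "file": path.relative_to(root).as_posix(),
            "references": len(SDK_NAME.findall(text)),
            "api_hosts": sorted(set(API_HOST.findall(text))),
        })
    return {"name": manifest.get("name"), "version": manifest.get("version"),
            "findings": findings}


def build_sample(root):
    """Constructed sample extension (not the real Trust Wallet package)."""
    root = Path(root)
    (root / "js").mkdir()
    (root / "manifest.json").write_text(json.dumps(
        {"manifest_version": 3, "name": "Sample Wallet", "version": "0.0.1"}))
    (root / "js" / "ui.js").write_text("document.title = 'wallet';\n")
    (root / "js" / "bundle.js").write_text(
        'var p=window.posthog;p.init("phc_TEST",{api_host:"https://collector.example.invalid"});'
        'p.capture("wallet_unlocked",{});\n')
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_extension(build_sample(tmp))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

An empty result is not proof of a clean build, since obfuscated code can hide both the SDK name and the destination host. Any reported `api_hosts` value should be compared against the hosts the vendor documents for its own telemetry.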

03 Industry Security Status

This year, the Web3 security landscape remains severe. A report by CertiK shows that in 2025, losses caused by hacking, scams, and vulnerabilities are estimated at about $3.35 billion, higher than in 2024 (approximately $2.446 billion).

Attacks are trending towards “fewer but larger.” The CertiK report notes that excluding the massive Bybit incident (~$1.447 billion), the total stolen funds are lower than the previous year, showing a pattern of “fewer incidents but larger single losses.”

Supply chain attacks have become mainstream. The 2025 report indicates that supply chain attacks caused the highest losses, while phishing incidents are the most numerous.

04 Historical Vulnerabilities in Mainstream Wallets

Plugin wallets have long been a weak link in the crypto ecosystem, with several mainstream wallets experiencing security incidents. Here are some typical cases from recent years:

MetaMask’s “Demonic” vulnerability: In 2022, MetaMask had a vulnerability called “Demonic” affecting versions prior to 10.11.3, where private keys could be exposed in browser memory. Fortunately, no large-scale fund losses have been reported.

Phantom’s security controversy: In early 2025, the Phantom wallet extension was involved in a security controversy. A user lost $500,000 due to private keys being stored unencrypted in memory. This led to a class-action lawsuit filed in the Southern District of New York.

Rabby Wallet’s Swap vulnerability: In 2022, Rabby Wallet’s Swap feature had a vulnerability that allowed hackers to steal about $200,000 worth of crypto assets. Notably, this vulnerability was not from the plugin itself but from its built-in Swap function.

05 Prevention Guidelines and Emergency Measures

In the face of increasingly complex crypto security threats, users need to take a series of measures to protect their assets.

Key prevention steps: First, immediately disconnect from the internet and transfer assets. For users with wallets running potentially vulnerable versions, be sure to disconnect first, then export seed phrases to transfer assets.

Second, strictly verify the source of extensions. Only download wallet extensions from the official Chrome Web Store, avoiding third-party sources.

Regular updates and secure backups. Keep all crypto-related software up to date, and store seed phrases offline in a secure location.

Platform security choices: For users seeking higher security, choosing reputable centralized exchanges for asset storage and trading is a wise choice. Platforms like Gate, which employ multi-layer security mechanisms and separate hot and cold wallets, can provide an additional layer of protection.

Mainstream exchanges like Gate typically have security funds and implement strict fund monitoring systems, which play an important role in safeguarding user assets.

06 Market Reaction and Gate Platform Role

Market sentiment is turning cautious. Influenced by security incidents and year-end liquidity, the crypto market sentiment has shifted to caution. Data shows that today’s crypto fear and greed index is 20, indicating an “extreme fear” state.

Mainstream Cryptocurrency Market Performance

Below are the prices of major cryptocurrencies in the open market. Please note that real-time prices on the Gate platform may differ; refer to Gate’s official data for specifics:

  • Bitcoin (BTC): approximately $88,853.76, up 1.44% in 24 hours
  • Ethereum (ETH): approximately $2,969.15, up 1.02% in 24 hours
  • Solana (SOL): approximately $122.81, up 0.33% in 24 hours
  • Ripple (XRP): approximately $1.86, down 0.24% in 24 hours
  • Dogecoin (DOGE): approximately $0.1255, down 2.29% in 24 hours

The occurrence of the Trust Wallet security incident underscores the importance of trading on platforms like Gate that implement strict security measures.

The industry is maturing. The 2025 security report shows that although losses have increased, the DeFi sector shows signs of maturity in security.

This indicates that with continuous improvements in security measures and increased user awareness, the entire crypto ecosystem is becoming more robust and reliable.

Future Outlook

In the crypto market, Meme coin WhiteWhale has hit a new high on the Solana chain, with a 24-hour increase of 33.82%, surpassing a market cap of $18 million. This speculative behavior contrasts sharply with the severe security situation.

After the Trust Wallet vulnerability incident, more users are turning to mainstream platforms that prioritize security. As security expert SlowMist emphasizes, users need to disconnect from the internet before transferring assets, reflecting a high level of personal asset management responsibility.
