Trust Wallet hacked: $7 million worth of assets stolen, official launches full compensation

Source: TokenPost Original Title: Trust Wallet, Fully Compensates 10 Billion Won Hacking Losses… Seed Phrase Exposure Incident Original Link: https://www.tokenpost.kr/news/cryptocurrency/319317

Incident Overview

Trust Wallet was hacked through a Chrome browser extension, resulting in the theft of approximately $7 million (about 10 billion Korean Won) in crypto assets. The wallet has initiated a full compensation process for victims. The attack originated from malicious code hidden in the extension update to version 2.68.

Incident Details

Trust Wallet officials announced the launch of a victim compensation process. The attack led to the leakage of recovery seed phrases for multiple wallets, with crypto assets worth tens of millions of dollars being transferred out. Blockchain analyst ZachXBT first discovered the incident, and users reported that assets rapidly flowed out after the update.

Trust Wallet has established a dedicated compensation claim channel. Victims are required to submit a declaration form including email, country of residence, affected wallet address, attacker’s address, and related transaction hashes. The company promises to prioritize review of compensation claims and conduct quick payouts after identity verification and loss confirmation.

Officials warn users to beware of fake compensation links and impersonation accounts. Phishing messages circulating on platforms like Telegram may cause secondary harm.

Technical Background

The attack was carried out through the normal update channel of the Chrome extension. Users automatically updated to version 2.68 via the official Chrome Web Store, where malicious code was hidden to collect recovery seed phrases and send them to hacker servers. Some users reported that their wallet balances were immediately emptied after entering the seed phrase.

Browser extensions have high web access permissions and local storage access, which, once compromised, can affect a wider scope. Trust Wallet has asked affected users to disable this version immediately and released a new version 2.69. Mobile app users and those using older versions are not affected by this incident.

Industry Context

This incident is part of the surge in cryptocurrency wallet thefts in 2025. According to Chainalysis data, from January to early December 2025, the total stolen crypto assets amounted to about $3.4 billion, with the proportion of personal wallets hacked increasing more than fivefold compared to three years ago. Personal wallets and extensions have become more frequent targets than centralized exchanges.

This incident highlights the risks associated with high-market-share extensions—single updates can disable hundreds of wallets. It also raises questions about the credibility of project development teams’ code review and release management systems.

Security Recommendations

1. Immediate Update: Upgrade Chrome extension to version 2.69 or higher immediately
2. Seed Phrase Storage: Never input seed phrases online; use offline storage methods
3. Vigilance: Avoid clicking on any compensation links outside official channels; beware of phishing messages

Related Definitions

Seed Phrase: A private sequence of words used to recover cryptocurrency wallets; exposure means complete security failure.

SAFU: An abbreviation for “Secure Asset Fund for Users,” a fund for user asset protection.