Trust Wallet Browser Extension v2.68 Breach: $8.5M Drained, 2,520 Wallets Affected & Reimbursement Plan

Source: CryptoTale Original Title: Trust Wallet Issues Update on Browser Extension v2.68 Hack Original Link: https://cryptotale.org/trust-wallet-issues-update-on-browser-extension-v2-68-hack/ Trust Wallet has issued a detailed update after a malicious browser extension compromised user wallets. The incident involved an unauthorized Trust Wallet Browser Extension v2.68 release on the Chrome Web Store between December 24 and December 26, 2025, after attackers exploited leaked publishing credentials.

What Trust Wallet Confirmed

According to Trust Wallet, attackers published a tampered version of Browser Extension v2.68 that bypassed internal approval and review processes. The attacker used a leaked Chrome Web Store API key to publish the extension externally.

The malicious extension allowed access to sensitive wallet data, enabling attackers to execute transactions without user authorization once wallets were opened. Trust Wallet stressed the incident only affected users who logged in during the specified window.

The company has high confidence the incident links to the November 2025 Sha1-Hulud attack—an industry-wide supply chain breach that compromised npm packages across multiple sectors. During that incident, Trust Wallet’s developer GitHub secrets were exposed, including extension source code access and publishing credentials. Attackers used this access to prepare a modified build based on earlier extension code that referenced attacker-controlled domains designed to collect wallet data.

Scope of Impact

Only Browser Extension v2.68 users who logged in between December 24 and December 26 were impacted. Users who logged in after December 26 at 11:00 UTC remained unaffected. Mobile app users and other browser extension versions were not impacted.

Trust Wallet identified 2,520 wallet addresses drained during the incident, with stolen assets totaling approximately $8.5 million across multiple blockchains. Investigators linked those losses to 17 wallet addresses controlled by the attacker. However, those attacker addresses also drained non-Trust Wallet users, and investigators continue tracking additional wallets outside the confirmed list.

Response and Reimbursement Plan

Trust Wallet rolled back the extension and released a clean version labeled v2.69, while disabling publishing credentials and restricting deployment access. The response included coordination with blockchain analytics partners and researchers who helped flag suspicious wallet activity and disrupted attacker infrastructure.

Trust Wallet confirmed it will voluntarily reimburse affected users. The company has identified 2,520 verified wallets eligible for reimbursement. However, Trust Wallet received over 5,000 claims, raising verification concerns. As a result, the company emphasized strict ownership verification combining multiple data points and manual case reviews to prevent fraud.

Trust Wallet announced development of a verification tool in Browser Extension v2.70 to provide affected users with additional validation. Affected users were advised to move funds to newly created wallets. The update also detailed ongoing security improvements including tighter access controls, enhanced monitoring, and credential rotation. Investigations remain active with updates continuing through official channels.