- Malicious v2.68 extension exploited leaked API keys, affecting 2,520 wallets and exposing $8.5M in crypto assets.
- Trust Wallet rolled back to a safe release (v2.69) and launched a verified reimbursement process for victims.
- Industry-wide supply chain flaws highlight growing threats to browser extensions and crypto wallet security.
Trust Wallet users faced a serious security breach when the Browser Extension v2.68 was hacked. Between December 24 and 26, 2025, a malicious version slipped past normal release checks, putting users’ wallet data at risk. Attackers used a leaked Chrome Web Store API key to upload the tampered extension, draining 2,520 wallets and stealing about $8.5 million in crypto.
The incident highlights a critical vulnerability in the browser extension ecosystem. Trust Wallet emphasized that mobile app users and other extension versions remained unaffected. However, anyone using v2.68 during the affected period faced high-risk exposure. Trust Wallet urged users to move their assets to newly created wallets immediately. They also initiated a reimbursement process, verifying wallet ownership before returning funds.
How the Attack Unfolded
The breach traces back to the November Sha1-Hulud supply chain incident, which exposed developer secrets across multiple companies. Attackers obtained GitHub access, including Trust Wallet’s browser extension code and Chrome Web Store credentials.
Using this access, they prepared a malicious build, hosting code on the domain api.metrics-trustwallet.com. This version automatically passed Chrome Web Store review, bypassing Trust Wallet’s internal approval process.
“From the moment we became aware of the security incident, teams within Trust Wallet mobilized immediately,” the company stated. “Protecting our users and preventing additional harm has been and remains our highest priority.”
By December 25, white-hat researchers and community investigators flagged wallet-draining activity. Trust Wallet quickly rolled back to a verified clean release (v2.69) and issued urgent instructions to update the extension.
Additionally, the team is expanding support capacity to manage reimbursement claims, with over 5,000 submissions reported. They stress that careful verification is essential to prevent fraudulent claims, given the risk of impersonators. The company plans to integrate a customer service verification tool in version 2.70 to strengthen claim verification.
Security Measures and Ongoing Investigation
Trust Wallet has reinforced its security protocols, including tighter access controls, credential rotation, and monitoring across release pipelines. Moreover, the company is reviewing supply chain protections, dependency scanning, and incident response workflows to prevent future breaches.
They noted, “We view this incident not only as a critical lesson for Trust Wallet, but as a potential inflection point for the broader industry.”
