Several users of Trust Wallet, which is owned by Binance, were hit by a serious security issue linked to a recent update of its Chrome browser extension. The problem affected version 2.68 and led to money being drained from wallets without users approving any transactions.
Trust Wallet has confirmed the incident. The issue came to light after blockchain investigator ZachXBT noticed reports from users who saw funds leaving their wallets unexpectedly. At first, the exact cause wasn’t clear, but the reports appeared shortly after the extension update, raising red flags.
Based on the wallet addresses involved, losses are estimated to be more than $6 million, affecting hundreds of users. Attackers spread the stolen funds across multiple wallets in small amounts. One wallet linked to the exploit was still holding more than $2.7 million in crypto at the time of reporting.
Trust Wallet has not yet released a full explanation of what went wrong, but it urged users to immediately stop using the affected version and update to version 2.69. The company warned users not to open the Trust Wallet browser extension until the update is complete to avoid further losses.
To update safely, users were told to manually refresh the extension through Chrome’s extension settings and confirm that the version number shows 2.69 before using it again.
Many users were upset by the lack of detailed information and demanded answers. Most of all, they wanted to know whether they would get their money back.
Former Binance CEO Changpeng Zhao stepped in to address those concerns. He confirmed that Trust Wallet will fully reimburse all affected users. In a post on X, Zhao said around $7 million was impacted and assured users that Trust Wallet will cover the losses. He also said the team is still investigating how the compromised version of the extension was approved and released.
Some users believe the incident may involve an insider, though no proof has been shared so far. While Trust Wallet has not confirmed this, insider threats are not uncommon in the crypto industry. In recent years, hackers have sometimes gained access by posing as developers or IT staff.
For now, users are advised to stay cautious, update immediately, and wait for Trust Wallet to release a full report explaining what happened and how similar issues will be prevented in the future.
