$7M Drained, Scammer Exposed by ZachXBT



Key Highlights:

  • Trust Wallet’s Chrome extension was breached today, December 26, 2025, draining $7 million from users.
  • Only the browser extension was affected.
  • ZachXBT has also flagged a scammer account.

Trust Wallet, a well-known wallet that many community members use to store and manage their crypto, is currently facing a security breach in its Chrome browser extension.

In the past few hours, many users noticed that money was flowing out of their wallets without their permission. This was then confirmed by blockchain sleuth ZachXBT, who stated that more than $6 million worth of crypto had already been stolen, affecting hundreds of users.

Incident Details and User Impact

ZachXBT’s monitoring showed that a large amount of funds was being drained after the extension update. Trust Wallet then issued an official statement saying that only browser extension version 2.68 was impacted and asked users to upgrade to 2.69 immediately. Mobile app users and other extension versions have not been affected by this security breach.

PeckShield then reported that the attacker has managed to siphon about $4 million to centralized exchanges (CEX). This includes $3.3 million to ChangeNOW, $340,000 to FixedFloat, and $447,000 to KuCoin.

Binance founder CZ then stated that the total losses have been around $7 million. CZ also assured users that Trust Wallet will cover the damages and that all funds are now safe. The team is currently investigating how the compromised version was submitted.

The founder of the SlowMist team stated on X that the attacker knew how Trust Wallet’s browser extension was built. According to the claim, the hacker secretly added PostHog JS, a tool used to track user activity, to collect wallet information without the user’s knowledge.

Even though Trust Wallet released a fix with version 2.69, some users are still worried because PostHog JS is reportedly still present in the updated version. This has raised doubts about whether the problem has been completely fixed.

Fake Victim Account Exposed Amid the Incident

The blockchain sleuth also exposed a fake victim account on X. According to ZachXBT, this account is being run by the scammer. He pointed out several red flags about the account, including the fact that the user had changed their username 44 times, has been linked to meme coin scams in the past, and has posted only 234 times since 2023.

These points illustrate that scammers often exploit the panic around security incidents, raising the risk of phishing and fake claims while users are already on edge.

Security Expert Explains How Safer Wallets Prevent Instant Fund Drains

SlowMist founder Cos also shared an important wallet security insight on X, explaining that Account Abstraction (AA) wallets, such as those on Starknet, offer a better level of protection through features like two-factor authentication and cooling-off periods, which prevent instant fund drains even if recovery phrases are exposed.

He compared this with traditional Ethereum wallets, where a single approval can lead to major losses, and advised users to use tools with built-in safeguards, pair them with hardware wallets, and avoid blind signing to reduce risk.
