- Here’s how TrustWallet was hacked, and why it was so devastating
- TrustWallet team breaks silence: Will losses be compensated?
Binance-backed TrustWallet, one of the most popular self-custody wallets in crypto, suffered an eccentric hack. Malefactors managed to intercept seed phrases, restore wallets autonomously and stole over $7 million in various cryptos.
Here’s how TrustWallet was hacked, and why it was so devastating
Today, Dec. 26, 2025, TrustWallet, a mainsteram multichain crypto wallet, suffered a hacker attack. As unveiled by cybersecurity researchers, malicious code — JavaScript payload — was injected into the v2.68.0 build for TrustWallet’s browser extension for Google Chrome.
TrustWallet deployed the infected Chrome extension v2.68.0 on Dec. 24, 2025. Shortly after, users who imported or accessed their seed via this version started losing funds immediately.
Technically, the vector of attack was the following: the malicious software element was recognized by the wallet as an analytics module. Instead, it managed to access seed phrases and send them to the domains created days ago.
To prevent this from being disclosed, the domains were masked using “TrustWallet Metrics,” “TrustWallet Metrics API” and similar titles. At the same time, once mnemonics leaked, malefactors just restored (“imported”) wallets on their infrastructure and legitimately withdrew the funds.
This design made the hack incredibly dangerous and quiet; with seed phrases hijacked by bad actors, approval, authorization or even opening the wallet opening is not needed. That is why the only recommendation from security researchers was to switch off the computers with installed TrustWallets from the internet.
The attack affected funds on Bitcoin (BTC), Solana (SOL), BNB Smart Chain (BSC) and a number of EVM ecosystem L2s.
TrustWallet team breaks silence: Will losses be compensated?
The loot was immediately sent to ChangeNOW, FixedFloat, KuCoin and HTX. At first, users were not even able to count how much crypto was stolen.
According to the official statement by TrustWallet, the net sum of losses totals $7 million in equivalent. The developers have already released the v2.69.0 build and encourage everyone to upgrade to it.
The TrustWallet team assured that every victim will be refunded. The exact details of the compensation program are yet to be announced.
TWT’s price immediately dropped to $0.76, the lowest since mid-September, losing 8% in no time. By press time, the losses have been absorbed.
Source: https://u.today/multimillion-trustwallet-hack-heres-what-is-known-so-far
