- This is how TrustWallet was hacked, and why it was so devastating
- TrustWallet group breaks silence: Will losses be compensated?
Binance-backed TrustWallet, one of the crucial fashionable self-custody wallets in crypto, suffered an eccentric hack. Malefactors managed to intercept seed phrases, restore wallets autonomously and stole over $7 million in varied cryptos.
This is how TrustWallet was hacked, and why it was so devastating
At the moment, Dec. 26, 2025, TrustWallet, a mainsteram multichain crypto pockets, suffered a hacker assault. As unveiled by cybersecurity researchers, malicious code — JavaScript payload — was injected into the v2.68.0 construct for TrustWallet’s browser extension for Google Chrome.
TrustWallet deployed the contaminated Chrome extension v2.68.0 on Dec. 24, 2025. Shortly after, customers who imported or accessed their seed by way of this model began dropping funds instantly.
Technically, the vector of assault was the next: the malicious software program ingredient was acknowledged by the pockets as an analytics module. As a substitute, it managed to entry seed phrases and ship them to the domains created days in the past.
To stop this from being disclosed, the domains had been masked utilizing “TrustWallet Metrics,” “TrustWallet Metrics API” and comparable titles. On the similar time, as soon as mnemonics leaked, malefactors simply restored (“imported”) wallets on their infrastructure and legitimately withdrew the funds.
This design made the hack extremely harmful and quiet; with seed phrases hijacked by unhealthy actors, approval, authorization and even opening the pockets opening is just not wanted. That’s the reason the one advice from safety researchers was to change off the computer systems with put in TrustWallets from the web.
The assault affected funds on Bitcoin (BTC), Solana (SOL), BNB Sensible Chain (BSC) and a lot of EVM ecosystem L2s.
TrustWallet group breaks silence: Will losses be compensated?
The loot was instantly despatched to ChangeNOW, FixedFloat, KuCoin and HTX. At first, customers weren’t even capable of depend how a lot crypto was stolen.
In response to the official assertion by TrustWallet, the online sum of losses totals $7 million in equal. The builders have already launched the v2.69.0 construct and encourage everybody to improve to it.
The TrustWallet group assured that each sufferer can be refunded. The precise particulars of the compensation program are but to be introduced.
TWT’s value instantly dropped to $0.76, the bottom since mid-September, dropping 8% very quickly. By press time, the losses have been absorbed.