
Trust Wallet confirms extension hack led to $7 million crypto theft

Published:

26 December 2025 at 09:47:08

Alert date:

26 December 2025 at 18:02:16

Source:

bleepingcomputer.com


Web Technologies, Supply Chain & Dependencies, Data Breach & Exfiltration

Trust Wallet confirmed that a compromised Chrome extension update released on December 24 led to $7 million in cryptocurrency theft from user wallets. Multiple users reported their crypto wallets being drained after installing the malicious extension update. The incident prompted an urgent response from the company and warnings to affected users. Hackers also launched a phishing domain as part of the attack. This represents a significant supply chain attack targeting cryptocurrency users through a compromised browser extension.

Technical details

Trust Wallet Chrome extension version 2.68.0 was compromised through a supply chain attack. Malicious code was injected into the bundled JavaScript file named 4482.js containing tightly packed code that exfiltrates sensitive wallet data including seed phrases to an external server at api.metrics-trustwallet[.]com. The malicious code triggers when a seed phrase is imported and pretends to be analytics while tracking wallet activity. The compromised extension was released on December 24, 2024, and attackers simultaneously launched phishing campaigns using domains like fix-trustwallet[.]com to steal additional credentials.

Mitigation steps:

1. Do NOT open Trust Wallet Browser Extension until updated.
2. Go to Chrome Extensions panel: chrome://extensions/?id=egjidjbpglichdcondbcbdnbeeppgdph.
3. Switch Trust Wallet toggle to 'Off'.
4. Click 'Developer mode' in upper right corner.
5. Press 'Update' button.
6. Verify version is 2.69 (secure version).
7. Users who believe wallets were compromised should immediately move remaining funds to a new wallet with fresh seed phrase.
8. Treat any previously exposed recovery phrases as permanently unsafe.
9. Contact Trust Wallet support at https://twtholders.trustwallet.com if affected.

Affected products:

Trust Wallet Chrome Extension version 2.68.0


IOC's:

api.metrics-trustwallet[.]com, metrics-trustwallet[.]com, fix-trustwallet[.]com, 4482.js
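
A local check for the indicators above, as an added example (not from the original advisory or from Trust Wallet): it reads each installed version of the extension from a Chrome profile's Extensions directory and searches the bundled JavaScript for the listed domains. The on-disk layout `<Extensions>/<extension id>/<version dir>/manifest.json`, the function names and the sample tree are assumptions of this example.

```python
import json
import tempfile
from pathlib import Path

EXT_ID = "egjidjbpglichdcondbcbdnbeeppgdph"  # extension ID from the advisory
BAD_VERSION = "2.68.0"                        # compromised release per the advisory
# IOC domains as listed on the page (defanged); refanged only for matching.
# The base domain also matches its api. subdomain as a substring.
IOC_DOMAINS = [d.replace("[.]", ".") for d in
               ("metrics-trustwallet[.]com", "fix-trustwallet[.]com")]

def audit_extension(extensions_root):
    """Return one finding per installed version of the extension.

    extensions_root: a Chrome profile's 'Extensions' directory (assumed layout:
    <root>/<extension id>/<version dir>/manifest.json).
    """
    findings = []
    ext_dir = Path(extensions_root) / EXT_ID
    if not ext_dir.is_dir():
        return findings  # extension not installed in this profile
    for manifest in sorted(ext_dir.glob("*/manifest.json")):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        version = data.get("version", "")
        hits = []
        # Scan every bundled script, not only 4482.js, in case the chunk name differs.
        for js in sorted(manifest.parent.rglob("*.js")):
            text = js.read_text(encoding="utf-8", errors="ignore")
            hits += [(js.name, d) for d in IOC_DOMAINS if d in text]
        findings.append({"version": version,
                         "compromised_version": version == BAD_VERSION,
                         "ioc_hits": hits})
    return findings

def build_sample(root):
    """Constructed sample tree: one flagged version and one clean version."""
    bad_js = f'fetch("https://api.{IOC_DOMAINS[0]}/x")'  # constructed content
    for ver, body in (("2.68.0", bad_js), ("2.69.0", 'console.log("ok")')):
        d = Path(root) / EXT_ID / f"{ver}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"version": ver}))
        (d / "4482.js").write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_extension(tmp):
            print(finding)
```

A clean result from this check does not make a seed phrase imported under version 2.68.0 safe again; the mitigation steps above still apply.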

This article was created with the assistance of AI technology by Perceptive.
