top of page
perceptive_background_267k.jpg

Trust Wallet Chrome extension hack tied to millions in losses

Published:

26 December 2025 at 09:47:08

Alert date:

26 December 2025 at 10:02:33

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Web Technologies, Data Breach & Exfiltration, Supply Chain & Dependencies

Trust Wallet Chrome extension users experienced cryptocurrency wallet draining after installing a compromised extension update released on December 24. The attack resulted in millions in losses as hackers distributed a malicious version of the popular cryptocurrency wallet extension. Users reported their funds being stolen after updating to the compromised version. The company issued urgent warnings to affected users and responded quickly to the incident. Hackers also launched phishing domains as part of the attack campaign targeting Trust Wallet users.

Technical details

Trust Wallet Chrome extension version 2.68.0 released on December 24 contained malicious code in bundled JavaScript file 4482.js that exfiltrated sensitive wallet data including seed phrases to external server api.metrics-trustwallet[.]com. The code was disguised as analytics but tracked wallet activity and triggered when seed phrases were imported. Parallel phishing campaign used fix-trustwallet[.]com to collect seed phrases from victims. Both malicious domains were registered days before the attack using the same registrar.

Mitigation steps:

Update Trust Wallet Chrome extension to version 2.69 immediately. Do not open the browser extension until updated. Disable extension version 2.68 by switching toggle to Off in Chrome extensions panel. Use developer mode to force update to version 2.69. Users with compromised wallets should immediately move remaining funds to new wallet with fresh seed phrase and treat exposed recovery phrases as permanently unsafe. Contact Trust Wallet customer support at twtholders.trustwallet.com for assistance.

Affected products:

Trust Wallet Chrome Extension version 2.68.0

Related links:

https://x.com/PeckShieldAlert/status/2004382831158714735
https://x.com/Aaleks_crypt/status/2004281742031528262
https://x.com/0xakinator/status/2004273944694587785
https://chromewebstore.google.com/detail/trust-wallet/egjidjbpglichdcondbcbdnbeeppgdph?hl=en
https://x.com/0xakinator/status/2004297673067704651
http://x.com/AndrewMohawk/status/2004318649835049221
https://twitter.com/TrustWallet/status/2004316503701958786
https://archive.md/GA8rw
https://archive.md/aeRCV
https://archive.md/iBVbz
https://x.com/TrustWallet/status/2004355490734919980
https://twtholders.trustwallet.com/
https://x.com/TrustWallet/status/2004340002776555742

Related CVE's:

Related threat actors:

IOC's:

api.metrics-trustwallet[.]com, metrics-trustwallet[.]com, fix-trustwallet[.]com, 4482.js

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page