


Perceptive Security
SOC/SIEM Consultancy

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code
Published:
26 December 2025 at 15:31:00
Alert date:
26 December 2025 at 17:02:16
Source:
thehackernews.com
Web Technologies, Data Breach & Exfiltration, Supply Chain & Dependencies
Trust Wallet's Chrome extension version 2.68 suffered a security incident that resulted in approximately $7 million in cryptocurrency losses. The breach was caused by malicious code injected into the browser extension. The extension has about one million users according to Chrome Web Store listings. Trust Wallet is urging all users to immediately update to the latest version to protect against further losses. The incident highlights the risks associated with browser-based cryptocurrency wallet extensions and the potential for supply chain attacks targeting popular crypto tools.
Technical details
Trust Wallet Chrome extension version 2.68 contained malicious code that iterates through all wallets stored in the extension and triggers a mnemonic phrase request for each wallet. The encrypted mnemonic is decrypted using the password or passkeyPassword entered during wallet unlock. Once decrypted, the mnemonic phrase is sent to the attacker's server at api.metrics-trustwallet[.]com. The attacker leveraged the open-source full-chain analytics library posthog-js to harvest wallet user information, using the legitimate PostHog analytics library as the data-exfiltration channel and redirecting analytics traffic to an attacker-controlled server.
Mitigation steps:
Update Trust Wallet Chrome extension to version 2.69 immediately. Refrain from interacting with any messages that do not come from Trust Wallet's official channels. Mobile-only users and all other browser extension versions are not affected.
Affected products:
Trust Wallet Chrome Extension version 2.68
Related links:
https://x.com/TrustWallet/status/2004475085168795941
https://chromewebstore.google.com/detail/trust-wallet/egjidjbpglichdcondbcbdnbeeppgdph
https://x.com/SlowMist_Team/status/2004505094646345905
https://x.com/PeckShieldAlert/status/2004382831158714735
https://t.me/investigations/297
https://x.com/cz_binance/status/2004398433285894432
IOCs:
api.metrics-trustwallet[.]com, metrics-trustwallet[.]com
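One way to hunt for the two IOCs above in DNS or proxy logs, as an added example that is not part of the original alert: it refangs the published indicators in memory and matches hostnames exactly or as subdomains, so look-alike names are not flagged. The log lines are constructed samples, and the log layout and function names are assumptions.

```python
import re

# IOCs exactly as published in the alert (defanged); refanged only in memory.
DEFANGED_IOCS = ["api.metrics-trustwallet[.]com", "metrics-trustwallet[.]com"]

def refang(indicator):
    """Turn a defanged indicator back into a plain lowercase hostname."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

# Longest (most specific) indicator first, so hits are attributed precisely.
IOC_DOMAINS = sorted((refang(i) for i in DEFANGED_IOCS), key=len, reverse=True)
TOKEN_RE = re.compile(r"[a-z0-9.-]+")  # runs of hostname-legal characters

def matched_ioc(host):
    """Return the IOC that host equals or is a subdomain of, else None."""
    host = host.lower().strip(".")
    for domain in IOC_DOMAINS:
        # Require a label boundary: a bare suffix match would flag look-alikes.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def hunt(lines):
    """Return (line_number, hostname, ioc) for every IOC hit in the log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for token in TOKEN_RE.findall(line.lower()):
            ioc = matched_ioc(token)
            if ioc:
                hits.append((number, token.strip("."), ioc))
    return hits

# Constructed sample log lines (hypothetical format), built from the refanged IOCs.
API, BASE = IOC_DOMAINS
SAMPLE_LOG = [
    f"2025-12-26T10:00:01Z 10.0.0.5 query A {API}.",             # hit: FQDN with trailing dot
    f"2025-12-26T10:00:02Z 10.0.0.5 CONNECT {API}:443",          # hit: proxy CONNECT
    f"2025-12-26T10:00:03Z 10.0.0.7 GET https://cdn.{BASE}/x",   # hit: other subdomain
    f"2025-12-26T10:00:04Z 10.0.0.8 query A not{BASE}",          # miss: no label boundary
    f"2025-12-26T10:00:05Z 10.0.0.9 query A {BASE}.evil.example",  # miss: IOC is only a prefix
    "2025-12-26T10:00:06Z 10.0.0.9 query A www.example.org",     # miss: unrelated host
]

if __name__ == "__main__":
    for number, host, ioc in hunt(SAMPLE_LOG):
        print(f"line {number}: {host} matches IOC {ioc.replace('.', '[.]')}")
```

Hits on hosts running Chrome with extension version 2.68 installed are the ones to prioritise for follow-up.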
This article was created with the assistance of AI technology by Perceptive.
