Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

Briefly

"Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to update to version 2.69 as soon as possible."

"According to details shared by SlowMist, version 2.68 introduced malicious code that's designed to iterate through all wallets stored in the extension and trigger a mnemonic phrase request for each wallet. "The encrypted mnemonic is then decrypted using the password or passkeyPassword entered during wallet unlock," the blockchain security firm said. "Once decrypted, the mnemonic phrase is sent to the attacker's server api.metrics-trustwallet[.]com."

"The domain "metrics-trustwallet[.]com" was registered on December 8, 2025, with the first request to "api.metrics-trustwallet[.]com" commencing on December 21, 2025. Further analysis has revealed that the attacker has leveraged an open‑source full‑chain analytics library named posthog-js to harvest wallet user information. The digital assets drained so far include about $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum. The stolen funds have been moved through centralized exchanges and cross-chain bridges for laundering and swappi"