Trust Wallet will reimburse users who lost funds in a Christmas Day security breach that drained roughly $7 million from desktop wallets, according to Binance co-founder Changpeng Zhao.

The exploit targeted Trust Wallet’s browser extension, specifically version 2.68, which the company later confirmed had been compromised. In a statement posted on X, Trust Wallet advised users to immediately upgrade to version 2.89 and said the issue had been contained.

Zhao, whose exchange Binance owns Trust Wallet, said the company would fully cover user losses tied to the incident.

Attack was planned weeks in advance, SlowMist says

Blockchain security firm SlowMist traced the exploit back to early December, suggesting the attack was neither accidental nor rushed. Yu Xian, SlowMist’s co-founder, wrote that the attacker began preparations around Dec. 8, implanted a backdoor on Dec. 22, and initiated fund transfers on Christmas Day.

The malicious code did more than siphon crypto.

According to SlowMist, it also exported users’ personal data to an external server controlled by the attacker, raising concerns that the breach went beyond a typical wallet exploit.

Onchain investigator ZachXBT said hundreds of Trust Wallet users were affected.

Signs point toward possible insider involvement

The nature of the attack has sparked unease within the security community. The attacker was able to submit a compromised version of the Trust Wallet extension to the project’s official distribution channel, a detail that immediately drew scrutiny.

Intergovernmental blockchain adviser Anndy Lian said the incident did not resemble a conventional external hack, arguing that the ability to deploy a malicious update suggested internal access or cooperation.

Zhao agreed that the exploit was "most likely" the work of an insider.

SlowMist echoed that assessment, noting that the attacker appeared deeply familiar with the extension’s source code. That level of knowledge made it possible to insert a backdoor capable of quietly harvesting sensitive user information without triggering immediate alarms.

Trust Wallet has not publicly confirmed insider involvement, and investigations are ongoing.

Wallet exploits remain a growing threat

The incident adds to a growing list of wallet-related breaches affecting retail crypto users. According to Chainalysis, personal wallet compromises accounted for 37% of the value stolen in crypto-related attacks in 2025, excluding the $1.4 billion Bybit exploit reported in February.

While the Trust Wallet breach is smaller in scale than some high-profile incidents, such as the $9.7 million Ether loss suffered by Axie Infinity co-founder Jeff Zirlin in early 2024, it highlights a persistent vulnerability in browser-based wallet software.

Trust, distribution, and the cost of security failures

Trust Wallet positions itself as one of the industry’s most widely used self-custody tools, claiming a user base of more than 220 million. That scale amplifies the impact of any distribution-level failure, especially when updates themselves become the attack vector.

By committing to reimburse losses, Trust Wallet has moved quickly to contain reputational damage.

Whether that response will be enough may depend on what investigators uncover about how the compromised extension was approved and deployed in the first place.
