Major security vulnerability in Trust Wallet browser extension causes $6 million in damages
A serious vulnerability has been discovered in the Trust Wallet browser extension, leading to unanticipated losses of virtual assets for multiple users. The damage exceeds $6 million, and the company immediately initiated an emergency response.
Timeline from Issue Discovery to Response
On-chain investigator ZachXBT pointed out anomalies on Telegram, bringing this security issue to public attention. His warning reported that several Trust Wallet users were experiencing rapid fund outflows. Following this, an investigation revealed that a specific version of the Chrome extension had a vulnerability.
Trust Wallet’s investigation team confirmed that version 2.68 of the extension was the source of the problem. Meanwhile, users of the mobile app and those using other versions remain unaffected and secure.
Extent of Damage and Attack Methodology
According to detailed investigations by ZachXBT, it is estimated that attackers stole assets worth over $6 million. Hundreds of users were affected. Hackers exploited flash loan techniques to transfer stolen assets, with over $4 million subsequently sent to centralized exchanges.
This vulnerability allowed attackers direct access to user assets, resulting in unauthorized withdrawals. The browser extension was the component most exposed to risk.
Immediate Actions Users Should Take
Trust Wallet has issued security guidance to prevent further damage:
First and foremost, users must immediately upgrade their extension to version 2.69, which includes the latest security patches.
Next, it is recommended to transfer holdings to the mobile app, which features biometric authentication and offers a lower-risk environment than browser extensions.
Additionally, regularly reviewing wallet transaction history is crucial. Early detection of suspicious activity can help mitigate losses.
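The version guidance above can be checked across every Chrome profile on a machine. The following is an added example, not code from Trust Wallet or the original article: it reads each installed copy's manifest.json and classifies it against the affected (2.68) and fixed (2.69) versions. The extension ID is a placeholder because the article does not give it, and the status labels and the handling of 2.68.x builds are assumptions.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = (2, 68)  # version the article names as the source of the problem
FIXED = (2, 69)     # version the article tells users to upgrade to
EXT_ID = "EXTENSION_ID_PLACEHOLDER"  # assumption: the article does not state the ID

def classify(version_text):
    """Map a manifest version string to 'affected', 'patched', 'other' or 'unparseable'."""
    try:
        v = tuple(int(p) for p in version_text.strip().split("."))
    except ValueError:
        return "unparseable"
    v = v + (0,) * (2 - len(v))  # pad "3" to (3, 0) so the prefix test below works
    if v[:2] == AFFECTED:        # assumption: any 2.68.x build counts as 2.68
        return "affected"
    return "patched" if v >= FIXED else "other"

def scan_user_data_dir(user_data_dir, ext_id=EXT_ID):
    """Return sorted (profile, version, status) for each installed copy of ext_id.

    Chrome unpacks extensions to <profile>/Extensions/<id>/<version>_<n>/manifest.json.
    """
    findings = []
    pattern = f"*/Extensions/{ext_id}/*/manifest.json"
    for manifest in Path(user_data_dir).glob(pattern):
        try:
            version = str(json.loads(manifest.read_text(encoding="utf-8")).get("version", ""))
        except (OSError, ValueError, AttributeError):
            version = ""  # unreadable or malformed manifest: report it, do not skip it
        findings.append((manifest.parents[3].name, version, classify(version)))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: three profiles holding different versions."""
    for profile, version in (("Default", "2.68"), ("Profile 1", "2.69"), ("Profile 2", "2.67")):
        d = Path(root) / profile / "Extensions" / EXT_ID / f"{version}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"manifest_version": 3, "version": version}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for profile, version, status in scan_user_data_dir(tmp):
            print(f"{profile:10} {version:6} {status}")
```

On a real system, point `scan_user_data_dir` at Chrome's user data directory (for example `~/.config/google-chrome` on Linux) and pass the extension's actual ID.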
Refund Outlook and Past Precedents
Notably, Trust Wallet experienced a security breach in November 2022. At that time, a vulnerability in WebAssembly led to a loss of approximately $170,000, for which the company compensated all affected users.
However, the current scale of damage is much larger, and as of December 2025, no official refund plan has been announced. Victims are awaiting clear communication from the company. Due to the magnitude of the losses, it may take considerable time to finalize any reimbursement policies.
Warning to the Industry
This incident underscores the importance of timely security updates. It also highlights that attacker techniques are becoming increasingly sophisticated.
Users should update their software regularly, diversify how they manage assets, and continuously monitor transactions. Such vigilance is especially critical when using browser-based wallets.
This series of events is likely to reignite discussions around custodial risks in the industry. Re-evaluating and strengthening security standards is becoming an unavoidable step for future industry development.