Trust Wallet suffered an attack: Everything you need to know about the compensation process

tx_pending_forever · 2026-01-20T16:14:45+00:00

Following a security breach in the Trust Wallet Chrome extension, the company implemented a compensation plan for those affected. Users can request a refund through a portal by providing basic information about the compromised funds. The incident affected $7 million due to malicious code injection. Trust Wallet also warned about phishing attempts related to the compensation program.

tx_pending_forever

2026-01-20 16:14:45

Abstract generation in progress

Following the security incident that affected the Trust Wallet Chrome extension in late December, the company activated a compensation plan for affected users. Eowyn Chen, the platform leader, revealed operational details so that those impacted can recover their assets.

How to access compensation for the Trust Wallet incident

Users whose wallets were compromised between December 24 and 26 can request a refund through a specially enabled portal. The process is straightforward and requires basic information.

To submit your request, you need to provide:

Your email address
The public addresses of the affected wallets
The addresses from which the funds were moved
The transaction (hashes) of the drain

In the description section, you should include the exact amount to recover and a new wallet address where you will receive the compensation. Eowyn Chen suggested generating a completely new wallet for this process as an additional security measure.

The company also collects geographic location data of the affected users to facilitate subsequent criminal investigations against those responsible for the attack.

The attack that compromised $7 millions

The incident involved injecting malicious JavaScript code into version 2.68 of the extension. The criminals managed to intercept recovery phrases from all users who logged in during the vulnerable period.

Experts suggest that the attackers gained access through API keys used in the update distribution process in the Google extension store. This attack vector represents a breach in the software supply chain.

Warnings about impersonation scams

Trust Wallet issued a statement warning about phishing attempts using fake compensation programs. The official never requests passwords, sensitive personal data, or seed phrases under any circumstances.

Always verify that you are accessing the official domain before providing any information.

Reflections on security in cryptocurrencies

This incident underscores the importance of maintaining robust practices in the software distribution chain. Self-custody wallets, while offering greater control, require users to be extremely cautious with browser extensions, as these have access to critical data.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.