Trust Wallet has confirmed that approximately $7 million in user funds were affected following a security incident involving its browser extension, raising serious concerns across the crypto industry about update security and insider risk. The issue was traced to Trust Wallet Browser Extension version 2.68, with the company emphasizing that mobile app users and other extension versions were not impacted.
Binance founder and former CEO Changpeng Zhao (CZ) addressed the situation publicly, stating that Trust Wallet will fully reimburse all affected users and reassuring the community that customer funds remain safe. However, CZ highlighted that investigators are still working to determine how a compromised update managed to pass official distribution checks. According to him, an insider role is considered the most likely explanation, shifting the focus away from a purely external exploit.
This revelation has intensified scrutiny around internal access controls, signing keys, and release approval workflows. Browser extensions distributed through platforms like the Chrome Web Store require strict credential management and multi-layered security checks. For a malicious or compromised build to be released through official channels, investigators typically suspect either stolen developer credentials or direct internal access, both of which point to operational security weaknesses rather than traditional software vulnerabilities.
Trust Wallet has since confirmed that reimbursement procedures are being finalized and that clear instructions will be shared directly with impacted users. At the same time, the company warned users to stay alert for phishing scams impersonating official support, a common secondary risk following high-profile crypto security incidents.
The market reaction was swift but short-lived. Trust Wallet’s native token, TWT, experienced a sharp dip after the news broke on December 25, reflecting investor uncertainty. Prices stabilized and rebounded the following day after confirmation that losses were limited and refunds would be issued.
This incident underscores a broader challenge facing the crypto wallet ecosystem. As browser extensions become a primary access point for digital assets, update governance, insider threat mitigation, and secure release pipelines are emerging as critical security concerns. The Trust Wallet case serves as a reminder that robust internal security is just as important as defending against external threats in protecting user funds.