Multimillion TrustWallet Hack: Here's What Is Known So Far
Binance-backed TrustWallet, one of the most popular self-custody wallets in crypto, suffered an eccentric hack. Malefactors managed to intercept seed phrases, restore wallets autonomously and stole over $7 million in various cryptos.Here's how TrustWallet was hacked, and why it was so devastatingToday, Dec. 26, 2025, TrustWallet, a mainsteram multichain crypto wallet, suffered a hacker attack. As unveiled by cybersecurity researchers, malicious code — JavaScript payload — was injected into the v2.68.0 build for TrustWallet's browser extension for Google Chrome.So here’s what’s happening :In the Trust Wallet browser extension code 4482.jsa recent update added hidden code that silently sends wallet data outsideIt pretends to be analytics, but it tracks wallet activity and triggers when a seed phrase is importedThe data was sent to… pic.twitter.com/8kkMUkDYqlTrustWallet deployed the infected Chrome extension v2.68.0 on Dec. 24, 2025. Shortly after, users who imported or accessed their seed via this version started losing funds immediately.Technically, the vector of attack was the following: the malicious software element was recognized by the wallet as an analytics module. Instead, it managed to access seed phrases and send them to the domains created days ago.To prevent this from being disclosed, the domains were masked using "TrustWallet Metrics," "TrustWallet Metrics API" and similar titles. At the same time, once mnemonics leaked, malefactors just restored ("imported") wallets on their infrastructure and legitimately withdrew the funds.This design made the hack incredibly dangerous and quiet; with seed phrases hijacked by bad actors, approval, authorization or even opening the wallet opening is not needed. That is why the only recommendation from security researchers was to switch off the computers with installed TrustWallets from the internet.I spoke with one of the TW team members anonymously, and from what I know, if you have the TW extension in Google and you have money there, disconnect the computer on which it is installed from the network and the Internet. This will minimise damage. https://t.co/zmUNzxaW7gThe attack affected funds on Bitcoin , Solana , BNB Smart Chain (BSC) and a number of EVM ecosystem L2s.TrustWallet team breaks silence: Will losses be compensated?The loot was immediately sent to ChangeNOW, FixedFloat, KuCoin and HTX. At first, users were not even able to count how much crypto was stolen.According to the official statement by TrustWallet, the net sum of losses totals $7 million in equivalent. The developers have already released the v2.69.0 build and encourage everyone to upgrade to it.Update on the Trust Wallet Browser Extension (v2.68) incident:We’ve confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded.Supporting affected users is our top priority, and we are actively finalizing the process to refund the… https://t.co/2XRx8GvZ75The TrustWallet team assured that every victim will be refunded. The exact details of the compensation program are yet to be announced.TWT's price immediately dropped to $0.76, the lowest since mid-September, losing 8% in no time. By press time, the losses have been absorbed.