Trust Wallet browser extension vulnerability reported, user funds stolen over $6 million

On-Chain Detective ZachXBT’s daily report on the 25th indicated that multiple Trust Wallet users reported unauthorized fund outflows from their wallets within a few hours. According to preliminary monitoring and comprehensive reports, on-chain tracking shows that hundreds of victims have been affected, with stolen funds totaling at least $6 million so far.

We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.

Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb

Please note: Mobile-only users…

— Trust Wallet (@TrustWallet) December 25, 2025

Trust Wallet issued an emergency notice on its official X account, stating that version 2.68 of its browser extension has a security vulnerability. It recommends affected users disable version 2.68, upgrade to version 2.69 via the official Chrome Web Store, and not open the affected version until the update is complete. Trust Wallet stated that mobile applications and other extension versions are unaffected, and the team is actively investigating. As of the 26th, no compensation details have been announced by the official sources.

Public blockchain analysis from on-chain monitoring agencies shows that funds from many affected addresses were quickly transferred to a wallet controlled by the attacker. This pattern is common in cases of compromised extensions or front-end events, where malicious updates or vulnerabilities may lead to unauthorized signing requests or private key leaks. Trust Wallet’s advisory was issued only after the extension update, which has heightened community concerns about whether version 2.68 introduced or exposed vulnerabilities.