A routine browser update turned into a nightmare for parts of the crypto community, as users woke up to find their wallets quietly emptied.
What began as scattered complaints quickly grew into a serious security investigation, forcing Trust Wallet to issue an urgent warning and raising fresh concerns about the safety of browser-based wallets.
Trust Wallet Confirms Extension Security Incident
Trust Wallet confirmed on Friday morning that a security incident affected version 2.68 of its Chrome browser extension.
The company urged users to disable the extension immediately and upgrade to the latest version, stressing that the issue was limited to this specific release.
Trust Wallet said its mobile app and other browser extension versions were not impacted.
An investigation is ongoing, and the team said updates will be shared as more information becomes available.
Christmas Day Reports Trigger Alarm Across Crypto Community
Reports of unauthorised wallet drains began circulating on Christmas Day, catching many users off guard during the holiday period.
The issue was first flagged publicly by on-chain investigator ZachXBT, who said he had received multiple independent reports from Trust Wallet users claiming their funds were withdrawn without approval.
Within hours, the warning spread across Telegram and X, prompting widespread concern among self-custody wallet users and security researchers.
Millions Lost as Investigation Expands Across Blockchains
According to ZachXBT, the reported incidents were not confined to a single blockchain.
Affected wallets were linked to EVM-compatible networks, Bitcoin and Solana, suggesting a broader issue rather than an isolated smart contract exploit.
ZachXBT shared wallet addresses believed to be connected to the thefts and later said that hundreds of users may have been affected.
Based on early on-chain tracking, losses were estimated to exceed $6 million, though the figure remains provisional as more reports are assessed.
What Researchers Found Inside the Extension Code
A key detail quickly drew attention.
The reports closely followed an update to the Trust Wallet Chrome extension released on 24 December.
As concerns grew, independent security researchers and community members began reviewing the updated extension.
On X, a security analyst with the username 0xakinator shared analyses that pointed to a JavaScript file, identified as 4482.js, which appeared to contain newly added code not clearly explained in the release notes.
He alleged the code behaved like analytics functionality, was capable of monitoring wallet activity, and appeared to activate when users imported a seed phrase into the extension.
He claimed data was transmitted to a domain identified as metrics-trustwallet[.]com.
Additionally, the domain had been registered only days earlier and later became inaccessible.
These findings led to speculation about a possible supply-chain style compromise.
However, the conclusions were based on third-party analysis and had not been confirmed by an official audit at the time.
Seed Phrase Imports Linked to Rapid Wallet Drains
Several affected users said their funds were drained almost immediately after importing a seed phrase into the Trust Wallet browser extension.
One widely shared post on X claimed losses of $700,000.
While individual claims cannot be independently verified in isolation, the consistency of reports and the speed of fund movements observed on-chain heightened concerns that importing seed phrases into the affected extension version may have exposed users to immediate risk.
Trust Wallet Response and Version-Specific Impact
Following mounting reports, Trust Wallet acknowledged the incident and clarified its scope.
The company said the issue was limited to Trust Wallet Browser Extension version 2.68.
Users were told to disable the extension and upgrade to version 2.69, which was released as a fix.
Trust Wallet reiterated that mobile-only users were not affected and advised users to download updates only through the official Chrome Web Store listing.
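A local check built from the details reported above (version 2.68, the file 4482.js and the domain the analyst named), added here as an example and not code from Trust Wallet or the researchers: it walks a Chrome profile's Extensions directory and reports, for each copy that looks like Trust Wallet, its version and any JavaScript file that mentions the reported domain. Matching on the display text "Trust Wallet" is an assumption, and the function names and the sample tree are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

AFFECTED_VERSION = "2.68"                    # version named in the article
REPORTED_DOMAIN = "metrics-trustwallet.com"  # domain named in the article
NAME_HINT = "trust wallet"                   # assumption: text of the extension's display name

def _read(path: Path) -> str:
    try:
        return path.read_text(encoding="utf-8-sig", errors="replace")
    except OSError:
        return ""

def _names(ext_dir: Path, manifest: dict) -> str:
    # Manifest names are often "__MSG_..." keys, so include the locale files' text too.
    names = [str(manifest.get("name", ""))]
    names += [_read(m) for m in ext_dir.glob("_locales/*/messages.json")]
    return " ".join(names).lower()

def scan_extensions(root: Path) -> list:
    # Expects Chrome's layout: <root>/<extension id>/<version dir>/manifest.json
    findings = []
    for ext_dir in sorted(p.parent for p in root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(_read(ext_dir / "manifest.json"))
            if NAME_HINT not in _names(ext_dir, manifest):
                continue
        except (ValueError, AttributeError):
            continue  # malformed or non-object manifest
        version = str(manifest.get("version", ""))
        hits = [p.relative_to(ext_dir).as_posix() for p in sorted(ext_dir.rglob("*.js"))
                if REPORTED_DOMAIN in _read(p)]
        findings.append({"dir": ext_dir.as_posix(), "version": version, "domain_hits": hits,
                         "affected": (version + ".").startswith(AFFECTED_VERSION + ".")})
    return findings

def make_sample(root: Path) -> None:
    # Constructed tree, not real extension code: a 2.68 copy with the indicator, a clean 2.69.
    for ver, js in (("2.68.0", f'const host = "{REPORTED_DOMAIN}";'), ("2.69.0", "1;")):
        d = root / f"sample-id-{ver}" / f"{ver}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": "Trust Wallet", "version": ver}))
        (d / "4482.js").write_text(js)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(Path(tmp))
        print(scan_extensions(Path(tmp)))
```

To check a real machine, pass `scan_extensions` the Extensions folder of the Chrome profile in question. An empty result only describes what is installed now, not what was installed earlier.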
Security Advice Circulates as Investigation Continues
As clarity continues to emerge, users are being urged to review recent transactions, revoke unnecessary permissions and avoid signing new transactions until the situation is fully understood.
Security researchers have also warned against importing seed phrases into browser extensions unless absolutely necessary and advised moving remaining funds to fresh wallets created on secure devices.
Trust Wallet is continuing its internal review of what caused the incident.
The company has advised affected users to reach out to its support team.