A massive hack has struck Trust Wallet, one of the most widely used crypto wallets, resulting in estimated losses exceeding $6 million. The attack affected hundreds of users and underscores the vulnerability of browser extensions in the digital asset ecosystem.
The breach, reported on December 24, 2025, was triggered by a malicious update to Trust Wallet’s browser extension, version 2.68. Hidden within what appeared to be a legitimate update was code designed to siphon off funds as soon as users entered their recovery seed phrases.
Blockchain researcher ZachXBT confirmed that hundreds of wallets were emptied within minutes. The stolen assets spanned multiple chains, with roughly 40% in Solana (SOL), 35% in EVM-compatible tokens, and 25% in Bitcoin (BTC). The speed and scale of the theft shocked the crypto community, highlighting the dangers of internet-connected wallet tools and the difficulty for users to react in real time.
Security experts, including Vladimir S., identified the incident as a supply chain attack. Instead of originating from a compromised account or user error, the malicious code was embedded directly in the official update itself.
As a result, users who installed version 2.68 and entered their seed phrases inadvertently authorized the immediate transfer of their funds to unknown addresses. Trust Wallet has urged affected users to disable the compromised extension immediately and update to version 2.69, which is available on the Chrome Web Store.
Importantly, mobile versions of the wallet remained unaffected, limiting the scope of the breach. This episode demonstrates the unique risks posed by browser extensions and the importance of validating the source of updates before installation.
The financial and psychological impact of the hack has been severe. Victims face immediate losses, and the incident has intensified distrust toward digital wallets. While some in the crypto community, including influencers and analysts, are calling for Trust Wallet to provide compensation, users must take proactive steps to protect themselves.
Recommendations include avoiding entry of seed phrases in unsecured environments, transferring funds to hardware wallets if possible, and closely monitoring transactions for any suspicious activity. Updating to the secure version of the extension is critical, as is general vigilance in handling digital assets.
The Trust Wallet breach serves as a stark reminder that securing crypto holdings is an ongoing challenge, and it raises pressing questions about whether platforms are doing enough to protect their users from sophisticated scams.
Dubai has launched its first government-backed platform, Prypco Mint, allowing people to buy small shares in property using blockchain. The system links directly to official land records and aims to make real estate investment easier and more secure.
WeatherlyOpenAI is opening its first Seoul office to meet rising demand for ChatGPT in South Korea, hiring local talent and strengthening strategic partnerships — most notably, a collaboration with Korean tech giant Kakao.
CatherineAir Arabia now accepts AE Coin, a UAE-regulated stablecoin pegged to the dirham, for flight bookings, reflecting its push for innovation and alignment with the UAE’s digital finance evolution.
KikyoCriminals are increasingly using kidnapping and violence to steal cryptocurrency, targeting people instead of systems. As cyber defences improve, attackers are turning to physical threats—including torture—to force victims to give up access to their funds.
AnaisCircle has denied rumours it is being sold to Ripple or Coinbase, saying it is not for sale. The company is continuing with its IPO plans and wants to grow on its own.
WeatherlyIndia’s crypto industry is pushing for tax reform amidst rising government engagement and the return of major exchanges like Coinbase and Binance. Leaders say high taxes are hindering innovation and driving talent overseas.
CatherineScam losses in Singapore rose sharply to over S$1.1 billion last year, with authorities considering caning as a possible punishment to deter offenders. Despite a drop in some scam cases, financial losses remain high, especially among older adults targeted by “fake friend” scams.
AnaisHackers used the Migos Instagram account to post personal documents of Solana co-founder Raj Gokal. The leak included his passport, address, and family photos, and stayed online for 90 minutes before being taken down.
AnaisWith high mobile adoption and limited banking access, Africa is primed for real-world crypto use—and global players are responding. Blockchain.com plans to open a Nigerian office as it expands into key markets like Ghana, Kenya, and South Africa, amidst growing regulatory momentum.
CatherineA suspect in the crypto-linked kidnapping and torture of an Italian tourist in NYC has voluntarily surrendered, as the high-profile case continues to unfold.
Kikyo