Trust Wallet, one of the most widely used non-custodial crypto wallets, has reported a serious security incident involving its Chrome extension. A compromised version of the extension led to the theft of an estimated $7 million in digital assets, highlighting how vulnerable browser-based wallets can be to modern supply chain attacks.
What Happened to the Trust Wallet Chrome Extension
The first signs of suspicious activity were publicly flagged by blockchain analyst and security researcher ZachXBT, who noticed that some Trust Wallet users were losing funds within minutes of interacting with the browser extension. On-chain analysis showed coordinated transfers of assets to addresses controlled by attackers.
Trust Wallet later confirmed the incident and identified the affected build as Chrome extension version 2.68. Users who installed or interacted with this release were at risk of having their assets drained. The company has since pushed an emergency update to version 2.69 and urged all users to upgrade immediately using the official instructions.
For anyone still on version 2.68, Trust Wallet has recommended not opening or using the compromised extension at all, in order to reduce the chance of additional unauthorized withdrawals.
Scale of Losses and Official Response from Trust Wallet
According to Trust Wallet’s owner, Changpeng Zhao (CZ), the confirmed losses currently stand at roughly $7 million in cryptocurrency. He publicly stated that the companies involved intend to fully reimburse affected users, an important step for preserving trust in the ecosystem and in non-custodial wallet solutions.
Technical details of the exploit have not yet been disclosed. However, the investigation is focused on how attackers managed to release or substitute a malicious extension build. This strongly suggests a potential supply chain attack, where the attacker compromises the software build, signing, or publishing process rather than targeting users directly.
How a Supply Chain Attack on a Crypto Browser Extension Works
Compromised Developer Accounts or Build Infrastructure
In a typical supply chain scenario, attackers gain access to a developer’s account in the browser extension store or infiltrate the infrastructure used to build and sign releases. Once inside, they can ship malicious “official” updates that are automatically trusted and installed by users.
Browser extension stores have previously been abused in similar ways: attackers have pushed malicious updates, injected backdoored libraries, or replaced dependencies with trojanized versions. Crypto wallets are particularly attractive targets, since the extension often has access to private keys, seed phrases, and transaction signing capabilities.
Automated Asset Draining and Transaction Manipulation
If the adversary controls the extension code, they can embed hidden logic that:
— Monitors for the moment a wallet is unlocked, when the seed phrase or private keys are temporarily loaded into memory;
— Intercepts or modifies transaction details before the user signs them;
— Automatically triggers transfers to attacker-controlled addresses without explicit consent, or disguises malicious transfers as legitimate interactions with DeFi or dApps.
Given how quickly affected users saw their funds disappear, the Trust Wallet incident is consistent with an automated asset-draining mechanism that activates immediately after updating or re-enabling the compromised extension.
Immediate Security Steps for Trust Wallet Users
What to Do If You Used Version 2.68
Users who may have installed or interacted with Trust Wallet Chrome extension v2.68 should:
— Update to version 2.69 strictly via official channels and instructions;
— Carefully review recent on-chain activity for any unknown recipient addresses or unexplained transfers;
— If there is any doubt about compromise, migrate funds to a new wallet generated with a fresh seed phrase, avoiding reuse of old private keys;
— Prefer using hardware wallets or the official mobile app for holding larger balances until the browser extension’s security posture is fully clarified.
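To confirm which build is actually on disk, the version check above can be scripted. The sketch below is an added example, not Trust Wallet's tooling: it assumes Chrome's usual profile layout (Extensions/<extension id>/<version>_<n>/manifest.json), takes the extension ID as a parameter because this page does not list it, and runs against a constructed sample profile.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = (2, 68, 0, 0)  # build named on this page
FIXED = (2, 69, 0, 0)     # emergency update named on this page

def parse_version(text):
    """Chrome extension versions are 1-4 dot-separated integers."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version):
    if version == AFFECTED:
        return "AFFECTED"
    return "fixed" if version >= FIXED else "other"

def audit_profile(profile_dir, extension_id):
    """List (version, status) for each on-disk copy; assumes the layout
    <profile>/Extensions/<id>/<version>_<n>/manifest.json."""
    ext_root = Path(profile_dir) / "Extensions" / extension_id
    if not ext_root.is_dir():
        return []
    findings = []
    # An older version directory may sit beside the update, so list them all.
    for manifest in sorted(ext_root.glob("*/manifest.json")):
        try:
            raw = json.loads(manifest.read_text(encoding="utf-8"))["version"]
            findings.append((raw, classify(parse_version(raw))))
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            findings.append((manifest.parent.name, "unreadable"))
    return findings

def build_sample_profile(root, extension_id):
    """Constructed sample: a stale 2.68 copy beside the 2.69 update."""
    for version in ("2.68", "2.69"):
        d = Path(root) / "Extensions" / extension_id / f"{version}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"version": version}))
    return root

if __name__ == "__main__":
    sample_id = "a" * 32  # constructed placeholder, not the real extension ID
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp, sample_id)
        print(audit_profile(tmp, sample_id))
```

For a real check, pass the Chrome profile directory and the extension ID shown on the official store listing. An "AFFECTED" entry means a 2.68 copy is still present on disk in that profile.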
Best Practices for Securing Browser-Based Crypto Wallets
The Trust Wallet security incident underscores that even large, reputable projects can be affected by sophisticated attacks. Owners of digital assets should adopt a defense-in-depth approach:
— Store substantial holdings on hardware wallets, not exclusively in browser extensions or hot wallets;
— Limit the number of installed browser extensions, especially those related to crypto, DeFi, or trading;
— Double-check the recipient address and amount before signing any transaction, and scrutinize transaction prompts for unusual permissions;
— Follow only official project channels (website, X/Twitter, Telegram, Discord) and monitor them for real-time alerts about hacks, phishing campaigns, or compromised releases;
— Use strong, unique passwords and multi-factor authentication for all accounts linked to your crypto operations, including email, exchanges, and developer platforms.
The compromise of the Trust Wallet Chrome extension is a clear reminder that browser wallets sit at a fragile point in the crypto security stack: one successful supply chain attack can instantly impact thousands of users. Staying safe requires more than just installing popular tools—it demands continuous vigilance, layered security controls, and a solid understanding of how modern attacks unfold. Users who actively follow security advisories, diversify their storage methods, and verify every high-value action stand a far better chance of keeping their assets secure in an increasingly hostile cyberthreat landscape.