- Trust Wallet’s Chrome extension security breach risks private keys.
- Malicious version bypassed manual release checks.
- Users face potential $7 million crypto losses.
Trust Wallet identified a malicious script in a Chrome extension update on December 24, 2025, which compromised user private keys, resulting in approximately $7 million losses.
The incident raised significant security concerns, focusing on potential insider exploitation and highlighted vulnerabilities in software release processes, affecting Trust Wallet Chrome users globally.
Breach and Impact
Trust Wallet recently issued an emergency warning for its users after identifying a security flaw in the Chrome extension. The issue involved a malicious script that harvested private keys, posing a threat to user assets.
Eowyn Chen, CEO of Trust Wallet, confirmed a breach resulting from a compromised Chrome API key, bypassing standard release procedures. The malicious version, 2.68, went live without official approval, affecting users who logged in pre-December 26.
The breach has led to approximately $7 million in losses, impacting crypto users globally. Three hundred Trust Wallet users entered their seed phrases during the affected period, exposing assets across multiple blockchain networks.
Despite these losses, Trust Wallet pledged to refund affected users while warning against scams exploiting this security breach. Instructions will be provided via their official channels, emphasizing caution among the user community.
Industry Implications
Trust Wallet’s incident underscores broader risks in extension security, joining a lineup of industry challenges in 2025. While no specific government actions have been documented, user vigilance is urged amid this breach.
Industry experts anticipate tighter security measures and potential regulatory scrutiny following this incident. The breach serves as a reminder of the importance of cybersecurity, with 713 million reported in similar losses in 2025 due to compromised browser extensions.
