In the middle of Christmas, when most of us enjoyed moments with our family, the cryptocurrency world shook a major security incident. Users of the popular Trust Wallet portfolio became victims of a sophisticated hacking attack that led to losses exceeding $7 million. What exactly happened when the hackers did this stunt and what to do to protect their funds? Let us take a closer look at this shocking story that reminds us of how fragile security in the digital world can be.

Start of drama: Alarm on X platform

It all started on December 25, 2025, when on-chain detective ZachXBT picked up an alarm on platform X (formerly Twitter), informing about mass leaks of funds from Trust Wallet wallet addresses. In just a few hours, numerous user accounts reported that their Crypto They disappear in mysterious transactions. Trust Wallet, owned by the Giant Binance, quickly reacted by publishing an official statement. It turned out that the problem only concerns version 2.68 of the browser extension for Chrome – mobile applications and other versions remained intact.

Yes $6M+ tablen at minimum from hundreds of Trust Wallet users.

Hopeful they will offer compensation to everyone if it’s determined they’re at Fault for the incident.

It’s difficult to map out since there’s many theft addresses.

Here’s my letter so far below:

EVM...
— ZachXBT (@zachxbt) December 25, 2025

How did the attack happen? Malignant code in update

Analysis conducted by experts, including SlowMist and PeckShield, revealed that hackers injected malicious code to update the extension. In a file called 4482.js, which pretended to be an analytics tool, the mechanism that steals the seed phrases (recovery keys) of users was hidden. When the wallet was unlocked, the data was sent to the false domain api.metrics-trustwallet.com, registered only a few days earlier. This allowed the attackers to authorize unauthorised transfers and empty their wallets.

Everything we know about the ♪TrustWallet exploit summarized:

As of 26.12.2025, this looks like a straight supply chain compromise of the Trust Wallet Chrome extension, not a user approval mistake.

🔺What happened:
Trust Wallet shipped Chrome extension v2.68.0 on 24.12.2025.... https://t.co/TdcYPkYZwG pic.twitter.com/L7Mh1aB9ue
— MASTR (@MastrXYZ) December 26, 2025

At the same time, a phishing campaign was launched through fake pages such as fix-trustwallet.com, which impersonated the official support of Trust Wallet and urged users to provide phrase seed under the pretext of "repairing the gap". Experts emphasize that the code was so simple and obvious that it should be detected by basic audits – no external URLs or suspicious domains should alert the development team.

Loss scale and casualties

According to preliminary estimates, losses amounted to over $7 million and hundreds of wallets were affected. Users reported immediate emptying of accounts after regular transaction authorization. Worse still, the incident reminded of similar problems from the past – one of the victims mentioned the loss of $7,000 in 2023, which nobody compensated. This time, however, the reaction was faster, although for many Christmas periods turned into a financial nightmare.

Trust Wallet and CZ Binance reaction

Trust Wallet immediately released a new version of 2.69 and recommended users to disable the extension until updated through the official Chrome Web Store. The company assured that the team was working on a solution and contacted the victims. Changpeng Zhao (CZ), founder of Binance and owner of Trust Wallet, personally commented on the X: "So far, $7 million have been affected by the hack. Trust Wallet will cover it. User funds are SAFU". CZ also suggested that an insider might be behind the attack – someone from inside the team who allowed to send a malicious version to the Google store.

So far, $7m affected by this hack. @TrustWallet Will cover. User funds are SAFU. Appreciate your understanding for any inventions caused. 🙏

The team is still investing how hackers were able to submit a new version. https://t.co/xdPGwDU8b
— CZ 🔶 BNB (@cz_binance) December 26, 2025

The insider's suspicions: Is it treason from within?

Many experts and users point to the possibility of participation of the Trust Wallet team. The code was too simple to miss, and the phishing domain registered recently raises doubts about the lack of automatic audits. CZ confirmed that the team was investigating how hackers were able to send a new version, and acknowledged, "Most likely [insider]". This raises questions about security procedures in a company that supports millions of users.

How do you protect yourself? Tips for cryptoinvestors

This incident is a painful reminder of risks in the world of crypto. These are key steps to avoid similar problems:

Update Immediately: If you use Trust Wallet on Chrome, check the version and update to 2.69 or later. Disable extension until safety confirmation.
Never give phrase seed: No official website will ask for your recovery keys. Avoid suspicious links and phishing.
Use Hardware Wallets: Consider switching to physical devices like Ledger or Trezor for greater safety.
Monitor transactions: Use tools like Etherscan or BscScan to track your account movements.
Diversify: Do not keep all funds in one wallet – divide them into several.

Christmas Nightmare cryptocurrency: Millions stolen from Trust Wallet in instant attack