Trust Wallet browser extension vulnerability reported, over $6 million in user funds stolen

区块客

On December 25, on-chain detective ZachXBT reported that multiple Trust Wallet users had seen unauthorized fund outflows from their wallet addresses within a few hours. According to preliminary monitoring and aggregated reports, on-chain tracking shows that hundreds of victims have been affected, with stolen funds totaling at least $6 million so far.

We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.

Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb

Please note: Mobile-only users…

— Trust Wallet (@TrustWallet) December 25, 2025

Trust Wallet posted an emergency notice on its official X account, indicating that version 2.68 of its browser extension has a security vulnerability. It is recommended that affected users disable version 2.68 and upgrade to 2.69 via the official Chrome Web Store, and refrain from opening the affected version until the update is complete. Trust Wallet stated that mobile applications and other extension versions are unaffected, and the team is actively investigating. As of the 26th, no compensation details have been announced by the official channels.

Public blockchain analysis by on-chain monitoring agencies shows that funds from many affected addresses are rapidly being transferred to a wallet controlled by the attacker. This pattern is common in compromised-extension or front-end incidents, where malicious updates or vulnerabilities may lead to unauthorized signature requests or private key leaks. Trust Wallet issued its advisory only after the extension update, which has heightened community concerns about whether version 2.68 introduced or exposed vulnerabilities.

While the investigation is ongoing, users can take the following practical measures: if you have installed version 2.68, disable the Chrome extension and upgrade only through the official Trust Wallet Chrome Web Store link; transfer remaining funds to a hardware (cold) wallet or create a new wallet through a secure process; check your address's on-chain activity and report suspicious thefts to Trust Wallet support so that investigators can trace the fund flow.

Cybersecurity teams note that quick mitigation, careful preservation of evidence (transaction hashes, timestamps, extension version), and coordination with exchanges and blockchain analysts can improve the chances of tracking and potentially freezing stolen assets.
