Users are being urged by Trust Wallet to update to the most recent version of its Google Chrome extension. The multi-chain, non-custodial cryptocurrency wallet service stated that version
2.68 is affected by the problem.
The Chrome Web Store listing states that the extension has approximately one million users. According to the company, there is a chance that it is the work of a nation-state actor. They added that the attackers might have acquired deployment permissions or taken control of developer devices connected to Trust Wallet before December 8,
2025.
Affected users are advised to fill out a form at "trustwallet-support" on their support desk.freshdesk[. ]com" to start the compensation process. security firm SlowMist said the attack originated from malicious source code modification within the internal Trust Wallet extension codebase (analytics logic), rather than an injected compromised third‑party dependency (such as a malicious npm package) Although no additional proof was offered to back up the theory, a co-founder of the cryptocurrency exchange Binance, which owns the utility, implied that the exploit was "most likely" carried out by an insider.
In a post on X.M., Trust Wallet CEO Eowyn Chen stated, "The malicious extension v2.68 was NOT released through our internal manual process." According to Chen, the company has suspended the malicious domain, expired all release APIs, and processed reimbursement for impacted victims. "We've confirmed that approximately $7 million has been impacted and we will ensure all affected users are refunded," Trust Wallet stated in an additional post on X.MChen reiterated that the problem only affects the Chrome browser extension and stated that an investigation into the incident is ongoing. version 1.68 users who signed in prior to 11 a.m.
UTC on December 26, 2025. The company stated that the investigation is still ongoing and that neither mobile users nor users of any other browser extension version are impacted.