A significant security breach has sent ripples through the cryptocurrency community: TrustWallet, a prominent self-custody wallet backed by Binance, fell victim to a sophisticated hack. The attackers stole over $7 million in various cryptocurrencies using a method that directly targeted users' seed phrases.
The Anatomy of the Stealthy Exploit
The breach stemmed from a malicious JavaScript payload injected into version 2.68.0 of TrustWallet's browser extension for Google Chrome, which was deployed on December 24, 2025. The hidden code masqueraded as an analytics module and monitored wallet activity. Its critical function was to intercept and exfiltrate seed phrases from users who imported or accessed them through the compromised extension. The stolen data was then sent to attacker-controlled domains that carried legitimate-sounding titles such as "TrustWallet Metrics," which made the activity exceptionally difficult to detect in real time.
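One defensive check this incident suggests, as an added example that is not code from TrustWallet or from the original article: diff the network hosts referenced by two releases of an extension bundle and flag any that are new and outside an expected allowlist. The bundle contents, file names, hostnames and the `newHosts` helper are constructed for illustration.

```javascript
// Added example: flag network hosts that first appear in a new extension release.
// All bundle contents and hostnames below are constructed placeholders.
const previousBundle = {
  "background.js": 'fetch("https://api.wallet.example/v1/balance");',
  "analytics.js": 'const EP = "https://telemetry.wallet.example/e";',
};
const updatedBundle = {
  "background.js": 'fetch("https://api.wallet.example/v1/balance");',
  "analytics.js":
    'const EP = "https://telemetry.wallet.example/e";\n' +
    'const M = "https://metrics.collector.invalid/i";',
  "manifest.json":
    '{"host_permissions": ["https://*.wallet.example/*", "https://*.collector.invalid/*"]}',
};

// Matches http(s)/ws(s) URLs and manifest match patterns such as https://*.host/*
const URL_RE = /\b(?:https?|wss?):\/\/([a-z0-9*.-]+)/gi;

// Map each referenced host to the set of files that mention it.
function hostsByFile(bundle) {
  const hosts = new Map();
  for (const [file, source] of Object.entries(bundle)) {
    for (const match of source.matchAll(URL_RE)) {
      const host = match[1].toLowerCase().replace(/^\*\./, "").replace(/\.$/, "");
      if (!hosts.has(host)) hosts.set(host, new Set());
      hosts.get(host).add(file);
    }
  }
  return hosts;
}

// A host is allowed when it equals, or is a subdomain of, an expected suffix.
function isAllowed(host, allowedSuffixes) {
  return allowedSuffixes.some((s) => host === s || host.endsWith("." + s));
}

// Hosts present in `next` but absent from `prev`, with the files that reference them.
function newHosts(prev, next, allowedSuffixes) {
  const before = hostsByFile(prev);
  return [...hostsByFile(next)]
    .filter(([host]) => !before.has(host))
    .map(([host, files]) => ({
      host, files: [...files].sort(), allowed: isAllowed(host, allowedSuffixes),
    }))
    .sort((a, b) => a.host.localeCompare(b.host));
}

const flagged = newHosts(previousBundle, updatedBundle, ["wallet.example"])
  .filter((h) => !h.allowed);
for (const h of flagged) console.log(`review: ${h.host} (${h.files.join(", ")})`);
```

Static string matching misses hosts that are assembled or decoded at runtime, so an empty result is not proof that a release is clean.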
Devastating Impact and TrustWallet's Commitment
With the compromised seed phrases in hand, the attackers were able to restore these wallets on their own infrastructure, bypassing traditional authorization methods. This allowed them to withdraw funds from affected wallets across Bitcoin (BTC), Solana (SOL), BNB Smart Chain (BSC), and various EVM ecosystem L2s without any further user interaction. Following the discovery, TrustWallet moved swiftly, releasing an updated version (v2.69.0) and urging all users to upgrade immediately. The company has officially confirmed total losses of approximately $7 million and has pledged to fully compensate all affected users, with details of the refund process expected to be announced soon.