Trust Wallet, a popular cryptocurrency wallet, has issued an emergency warning to its users who have installed the Chrome browser extension version 2.68. The company detected a security incident and has advised users to disable the extension and update to version 2.69, which was released on December 25. According to reports, the security incident has resulted in losses ranging from $6 million to $7 million across multiple chains.
The Chrome Web Store listing for the Trust Wallet extension shows that version 2.69 was updated on December 25, 2025, which is the same day the incident became more widespread. The listing also indicates that the extension has around 1 million users, setting a worst-case upper limit for the potential exposure. However, the practical exposure depends on how many users installed version 2.68 and entered sensitive data while it was active.
Security Incident and User Guidance
Trust Wallet’s guidance focuses on releasing the browser extension, and the company has stated that mobile users and other versions of the extension are not affected. The company has advised users who imported or entered a seed phrase while running version 2.68 to treat that seed as compromised and migrate assets to a new wallet. Researchers have pointed to increased risks associated with the Trust Wallet browser extension update, particularly for users who imported or entered a seed phrase after installing the affected version.
A seed phrase can unlock current and future addresses derived from it, making it a critical piece of information for wallet security. Researchers reviewing the 2.68 bundle discovered suspicious logic in a JavaScript file, including references to a file labeled “4482.js.” This logic could transfer wallet secrets to an external host, highlighting the potential risks associated with the security incident.
Secondary Scams and User Protection
In addition to the security incident, users are also being warned about secondary scams, including counterfeit “fix” domains that attempt to trick users into sharing recovery phrases under the guise of remediation. Users are advised to be cautious and only interact with official channels from Trust Wallet. The company has also warned that fraudsters may try to impersonate the team during remediation efforts.
To protect themselves, users should update to version 2.69 and ensure that they do not interact with any suspicious messages or links. Users who have already been affected by the security incident should take immediate action to migrate their assets to a new wallet and treat their seed phrase as compromised. Trust Wallet has confirmed that approximately $7 million was damaged as a result of the Chrome extension v2.68 incident and has announced that a refund will be issued to all affected users.
Incident Response and Next Steps
The incident highlights the importance of incident response and the need for users to take immediate action to protect themselves. Trust Wallet’s response to the incident, including the release of version 2.69 and the warning to users, demonstrates the company’s commitment to user security. However, the incident also raises questions about the trust model for browser extensions and the potential risks associated with using them.
Extensions sit at a sensitive interface between web apps and signing flows, making them a potential target for malicious actors. The incident highlights the need for users to be cautious when using browser extensions and to ensure that they are using the latest version. Trust Wallet’s next revelations will set the boundaries for the outcome of the story, and a post-mortem of the provider that documents the root cause, publishes verified indicators, and clarifies the scope would help wallet providers, exchanges, and security teams develop targeted reviews and user instructions.
For more information, please visit the source link.
