

Ethical Hacking News

Trust Wallet Chrome Extension Breach: A $7 Million Crypto Loss via Malicious Code



  • The Trust Wallet Chrome extension breach resulted in a $7 million loss of cryptocurrencies.
  • The breach was caused by malicious code introduced in version 2.68, which led to theft of sensitive user information and funds.
  • The attackers leveraged an open-source library named posthog-js to harvest wallet user information, and laundered the stolen funds through a centralized exchange and cross-chain bridges.
  • Hundreds of victims were affected; an estimated $2.8 million of the stolen funds remains in the hacker's wallets, and $4M in cryptos was sent to centralized exchanges.
  • Binance co-founder Changpeng Zhao hinted that the exploit was "most likely" carried out by an insider, but no further evidence was provided.
  • Trust Wallet is actively refunding impacted users and urging them to refrain from interacting with suspicious messages.



    The cryptocurrency market has been plagued by numerous security breaches and malicious attacks in recent times, leaving users vulnerable to exploitation. The latest incident that has garnered significant attention is the Trust Wallet Chrome extension breach, which resulted in a substantial loss of approximately $7 million in cryptocurrencies.

    The breach was caused by malicious code introduced in version 2.68 of the Trust Wallet Chrome extension. The code iterates through all wallets stored in the extension and triggers a mnemonic phrase request for each wallet. The encrypted mnemonic is then decrypted using the password or passkey entered during wallet unlock, giving the attackers access to the user's wallets and leading to the theft of sensitive user information and funds.

    The breach has been linked to an open-source full-chain analytics library named posthog-js, which has been leveraged by the attackers to harvest wallet user information. Furthermore, the attackers have used a centralized exchange and cross-chain bridges for laundering and swapping the stolen funds, with approximately $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum being drained from the wallets.

    The incident has claimed hundreds of victims. An estimated $2.8 million of the stolen funds remains in the hacker's wallets (Bitcoin/EVM/Solana), while the bulk, more than $4M in cryptos, has been sent to centralized exchanges for laundering and swapping.

    SlowMist, a blockchain security firm, has confirmed that the breach originated from malicious source code modification within the internal Trust Wallet extension codebase (analytics logic), rather than an injected compromised third-party dependency. The company is urging users to update their Google Chrome extension to the latest version (2.69) as soon as possible.

    Changpeng Zhao, a co-founder of crypto exchange Binance, which owns the utility, has hinted that the exploit was "most likely" carried out by an insider, although no further evidence was provided to support this theory.

    Trust Wallet is actively finalizing the process to refund the impacted users and is urging users to refrain from interacting with any messages that do not come from its official channels. The company's top priority is supporting affected users, and it is taking steps to rectify the situation as soon as possible.

    In light of this incident, it is essential for cryptocurrency users to exercise caution when using browser extensions and to stay vigilant against potential security threats. It is also crucial for companies like Trust Wallet to ensure that their internal security measures are robust enough to prevent such breaches from occurring in the future.

    The breach highlights the importance of implementing robust security measures, conducting regular audits, and staying informed about potential vulnerabilities in software applications. As the cryptocurrency market continues to evolve, it is likely that we will see more incidents like this, emphasizing the need for users and companies alike to remain vigilant and proactive when it comes to cybersecurity.
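
To act on the advice to move off version 2.68, the following added example (not code from the article, Trust Wallet, or SlowMist) sweeps a Chrome profile's Extensions directory and flags installed copies by version. It assumes Chrome's on-disk layout `Extensions/<id>/<version_dir>/manifest.json` and recognises the extension by a display name containing "Trust Wallet", because the article gives no extension ID.

```python
import json
from pathlib import Path

AFFECTED = (2, 68)          # version the article names as carrying the malicious code
FIXED = (2, 69)             # version the article says to update to
NAME_HINT = "trust wallet"  # assumption: display name used to recognise the extension


def load_json(path: Path):
    """Return parsed JSON, or None if the file is missing or corrupt."""
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None


def display_name(ext_dir: Path, manifest: dict) -> str:
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # Chrome treats message keys case-insensitively
        locale = manifest.get("default_locale", "en")
        msgs = load_json(ext_dir / "_locales" / locale / "messages.json") or {}
        for k, v in msgs.items():
            if k.lower() == key and isinstance(v, dict):
                return v.get("message", name)
    return name


def audit_extensions(extensions_root: Path) -> list:
    """Report every installed copy of the wallet extension and its status."""
    findings = []
    for manifest_path in sorted(extensions_root.glob("*/*/manifest.json")):
        manifest = load_json(manifest_path)
        if not isinstance(manifest, dict):
            continue  # unreadable manifest: skip it rather than abort the sweep
        ext_dir = manifest_path.parent
        if NAME_HINT not in display_name(ext_dir, manifest).lower():
            continue
        raw = str(manifest.get("version", ""))
        try:
            version = tuple(int(p) for p in raw.split("."))
        except ValueError:
            version = ()
        if version[:2] == AFFECTED:  # assumption: any 2.68.x build counts as affected
            status = "AFFECTED"
        elif version and version >= FIXED:
            status = "ok"
        else:
            status = "older-or-unknown"
        findings.append({"id": ext_dir.parent.name, "version": raw, "status": status})
    return findings
```

Point `audit_extensions` at each profile's `Extensions` directory; any `AFFECTED` hit means the wallet was unlockable under version 2.68 on that profile and should be handled as exposed, not only updated.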



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Trust-Wallet-Chrome-Extension-Breach-A-7-Million-Crypto-Loss-via-Malicious-Code-ehn.shtml

  • https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html


  • Published: Fri Dec 26 11:39:04 2025 by llama3.2 3B Q4_K_M












