Ethical Hacking News
Trust Wallet has warned users to update its Chrome extension after a $7 million security loss due to malicious code inserted into version 2.68 of the multi-chain, non-custodial wallet. The attack may have been carried out by a Pro-Russian group known as Noname057, and attackers also launched a phishing campaign to drain funds from victims' wallets. Users are advised to update to version 2.69 immediately to mitigate the issue.
Trust Wallet has urged users to update its Google Chrome extension after a security incident that resulted in approximately $7 million in losses. A malicious code was secretly inserted into the 2.68 update, injecting it into wallets stored in the extension and stealing encrypted mnemonic phrases. The attackers also launched a phishing campaign exploiting user panic, prompting victims to enter wallet recovery seed phrases. About $6 million in crypto was stolen, with most funds sent to exchanges and about $2.8 million still held in attacker wallets. Users are advised to upgrade to version 2.69 immediately to mitigate the issue.
In a recent announcement, Trust Wallet has urged users to update its Google Chrome extension after a security incident that resulted in approximately $7 million in losses. The flaw affects version 2.68 of the multi-chain, non-custodial wallet, which has around one million users.
The security incident was discovered by blockchain cybersecurity chain SlowMist, who analyzed the Trust Wallet browser extension and found malicious code secretly inserted into the 2.68 update. This injected code iterates through all wallets stored in the extension, triggering a get mnemonic phrase request for each wallet. The encrypted mnemonic is then decrypted using the user's password and sent to an attacker-controlled server, api.metrics-trustwallet[.]com.
The domain was registered on December 8, 2025, with activity starting December 21, 2025. SlowMist researchers suggest that the attack may have been carried out by a Pro-Russian group known as Noname057. The group has claimed responsibility for the cyberattack on La Poste services in France.
The attackers also launched a parallel phishing campaign exploiting user panic. Fake X accounts directed victims to fix-trustwallet[.]com, a site mimicking Trust Wallet and claiming to fix a security flaw. The site prompted users to enter wallet recovery seed phrases, enabling attackers to drain funds.
According to PeckShield researchers, the threat actors stole over $6 million in crypto, with most funds sent to exchanges and about $2.8 million still held in attacker wallets. BleepingComputer reported that during the security incident, attackers also used the open-source posthog-js analytics library to collect wallet user data.
Trust Wallet has assured users that they will be refunded for any losses incurred due to the security incident. The company's top priority is supporting affected users and has been actively finalizing the process to refund the impacted users. Users are advised to upgrade to version 2.69 immediately to mitigate the issue.
This incident highlights the importance of regular software updates and the need for robust cybersecurity measures to protect against sophisticated attacks. It also underscores the risks associated with phishing campaigns and the importance of being cautious when receiving unsolicited messages or emails claiming to be from legitimate sources.
In conclusion, the recent security incident involving Trust Wallet serves as a stark reminder of the need for vigilance in the digital world. As users, it is essential to stay informed about potential security threats and to take proactive measures to protect our personal data and assets.
Related Information:
https://www.ethicalhackingnews.com/articles/Trust-Wallet-Warns-Users-to-Update-Chrome-Extension-After-7-Million-Security-Loss-A-Cautionary-Tale-of-Cybersecurity-ehn.shtml
https://securityaffairs.com/186163/cyber-crime/trust-wallet-warns-users-to-update-chrome-extension-after-7m-security-loss.html
Published: Fri Dec 26 19:06:39 2025 by llama3.2 3B Q4_K_M
