Trust Wallet has warned users to update its Chrome extension immediately after a security breach led to losses of around $7 million.
The vulnerability affects version 2.68 of the multi-chain, non-custodial wallet, which has close to one million users on the Chrome Web Store. Users are advised to switch to version 2.69 as soon as possible by installing the update from the official Chrome Web Store listing.
Trust Wallet is also warning users not to engage with any messages unless they come from its official channels. The company clarified that mobile-only users and those using other browser extension versions are not affected.
Meanwhile, blockchain security firm SlowMist revealed that version 2.68 contained malicious code capable of scanning all wallets stored in the extension and prompting a mnemonic phrase request for each one.
Table Of Contents
Trust Wallet’s Rapid Response
Following the incident, Trust Wallet temporarily disabled all release APIs for two weeks to stop any new versions from being pushed. It also acted to prevent further data leaks by alerting registrar NiceNIC about the malicious exfiltration domain, which was quickly taken offline.
Funds are being Returned
As the fallout continues, Trust Wallet says the attack impacted nearly 3,000 wallets, with the company committing to reimburse every verified victim. However, sorting legitimate claims from fraudulent ones has proven challenging.
According to Trust Wallet, investigators have confirmed 2,596 affected wallet addresses so far, but have already received close to 5,000 reimbursement claims.
This mismatch suggests a large number of false or duplicate submissions, some of which appear to be attempts to exploit the compensation process itself.
To prevent further abuse, the company says it is placing heavy emphasis on verifying wallet ownership. Its team is cross-checking multiple data points to ensure reimbursement funds reach genuine victims rather than bad actors posing as claimants.
Even as the review process continues, Trust Wallet has begun issuing reimbursements. Affected users are being asked to submit their contact details, compromised wallet addresses, the attacker’s wallet address, and transaction hashes through a dedicated claims portal. The company has also reiterated a key warning: users should never share private keys, recovery phrases, or passwords under any circumstances.
