A routine software update to a popular crypto wallet’s browser extension set off a cascade of losses this week, draining millions of dollars from users’ accounts and raising fresh questions about the security risks embedded in everyday digital finance tools
A Breach Emerges in Plain Sight
The first signs of trouble surfaced quietly, as individual users of Trust Wallet began reporting that their funds were vanishing without warning. Over a short span of time, wallets were emptied, transactions executed rapidly and without obvious user authorization. The pattern was unsettling not only for its scale but for its speed, suggesting an automated or systemic vulnerability rather than isolated user error.
The alarm was amplified when ZachXBT, a well-known onchain investigator who tracks crypto-related thefts, issued a public alert on Telegram. Based on an initial review of compromised addresses, he estimated that more than $6 million had been siphoned off from hundreds of users. The reports, he noted, appeared to cluster around the same moment—shortly after a recent update to Trust Wallet’s Chrome browser extension.
While the precise technical mechanism remained unclear, the coincidence was difficult to ignore. In the decentralized world of cryptocurrency, where transactions are irreversible and accountability is diffuse, even a brief window of vulnerability can have sweeping consequences.
The Update That Triggered the Alarm
By Thursday, Trust Wallet acknowledged that it had identified a security incident affecting a specific version of its browser extension—version 2.68. In a statement posted on X, the company urged users to immediately disable the affected extension and upgrade to version 2.69, which it said addressed the issue.
The company emphasized that the problem was narrowly scoped. Mobile-only users, as well as those running other versions of the browser extension, were not impacted, according to Trust Wallet. Still, the guidance was blunt: users who had not yet upgraded were advised to avoid opening the extension altogether until the update was complete, a tacit admission that continued use could expose funds to further risk.
Counting the Cost, Assuring the Public
As investigators pieced together the scope of the breach, estimates of the losses continued to climb. Changpeng Zhao, the founder of Binance and the owner of Trust Wallet, said that roughly $7 million had been affected by the hack. In a public post, he pledged that Trust Wallet would cover the losses and reassured users that their funds were “SAFU,” a term popularized within the Binance ecosystem to signal financial protection.
The promise of reimbursement offered some relief, but it also highlighted the unusual position Trust Wallet occupies. Unlike many decentralized tools that disclaim responsibility once assets leave a user’s control, Trust Wallet is tied to a centralized corporate owner with both the resources and the incentive to preserve trust.
A Familiar Pattern in Crypto Security
The Trust Wallet incident fits into a broader pattern that has plagued the cryptocurrency industry for years: security failures that emerge not from exotic exploits, but from routine updates, misconfigurations, or overlooked code changes. Each episode reignites debates about whether the industry’s rapid pace of development has outstripped its ability to safeguard users.
In this case, investigators have yet to identify the exact root cause of the breach, leaving open questions about whether the vulnerability stemmed from compromised code, a supply-chain issue, or an external attack timed to coincide with the update. Trust Wallet has said its team is actively working on the issue and will continue to share updates.
