Trust Wallet browser extension hack leads to $7 million in losses
A malicious Chrome extension update exposed wallet data, allowing attackers to drain millions from users before the flaw was identified and patched.
Trust Wallet users are reeling after a security breach in the browser extension led to roughly $7 million in losses, with hundreds affected and some individual wallets losing six-figure sums.
On-chain researcher ZachXBT was among the first to flag the incident, pointing to a recent Chrome extension update as the likely entry point. That suspicion was later confirmed by cybersecurity researcher Akinator, who identified malicious code embedded in Trust Wallet extension version 2.68.
The compromised code quietly transmitted wallet data to a phishing domain, metrics-trustwallet.com, which had been registered just days before the attack and has since gone offline. The setup suggests a targeted operation designed to exploit the trust users place in routine software updates.
Trust Wallet moved quickly to contain the damage. The company said the breach was limited to version 2.68 and urged users to update immediately to version 2.69, publishing step-by-step instructions to help users upgrade safely. Changpeng Zhao, founder of Binance and owner of Trust Wallet, also stepped in to reassure users, confirming that all affected funds would be fully reimbursed.
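A defender can check a machine for the two indicators reported above, extension version 2.68 and the domain metrics-trustwallet.com, with a scan like the following. This is an added example, not code from Trust Wallet or the researchers named in the article. It assumes the usual Chrome profile layout of `Extensions/<extension id>/<version dir>/manifest.json`, a display name containing "Trust Wallet", and that any 2.68.x build counts as affected; the fixture it scans is constructed.

```python
import json
import re
import tempfile
from pathlib import Path

BAD_VERSION = re.compile(r"2\.68(\.|$)")        # affected release named in the article
IOC_DOMAIN = b"metrics-trustwallet.com"         # exfiltration domain named in the article
NAME_RE = re.compile(r"trust\s*wallet", re.I)   # assumed display name of the extension

def load_json(path):
    try:  # {} when the file is missing, malformed, or not a JSON object
        data = json.loads(path.read_text("utf-8-sig"))
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def display_name(ext_dir, manifest):
    name = str(manifest.get("name", ""))
    ref = re.fullmatch(r"__MSG_(\w+)__", name)
    if ref:  # localized name: resolve the key in the default locale's messages.json
        locale = str(manifest.get("default_locale", "en"))
        for key, val in load_json(ext_dir / "_locales" / locale / "messages.json").items():
            if key.lower() == ref.group(1).lower() and isinstance(val, dict):
                return str(val.get("message", name))
    return name

def scan_extensions(root):
    """Yield a finding per <root>/<extension id>/<version dir>/ that matches an indicator."""
    for mpath in sorted(Path(root).glob("*/*/manifest.json")):
        ext_dir, manifest = mpath.parent, load_json(mpath)
        version = str(manifest.get("version", ""))
        affected = bool(NAME_RE.search(display_name(ext_dir, manifest)) and BAD_VERSION.match(version))
        hits = sorted(p.relative_to(ext_dir).as_posix() for p in ext_dir.rglob("*.js")
                      if p.is_file() and IOC_DOMAIN in p.read_bytes())
        if affected or hits:
            yield {"id": ext_dir.parent.name, "version": version,
                   "affected_version": affected, "ioc_files": hits}

def build_sample(root):
    """Constructed fixture: a 2.68 install containing the domain and a clean 2.69 one."""
    for ext_id, ver, js in (("sample-a", "2.68.0", IOC_DOMAIN), ("sample-b", "2.69.0", b"clean")):
        d = Path(root) / ext_id / (ver + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": "Trust Wallet", "version": ver}))
        (d / "background.js").write_bytes(b"/* constructed: " + js + b" */")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(json.dumps(list(scan_extensions(tmp)), indent=2))
```

On a real host, pass a browser profile's Extensions directory to `scan_extensions` instead of the fixture; a hit on either indicator means the wallet should be treated as exposed, not just updated.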
Meanwhile, blockchain investigators at Lookonchain tracked the attacker’s wallets and found that at least $4.2 million had already been routed through exchanges including ChangeNOW, FixedFloat, KuCoin, and HTX. As the investigation unfolded, victims began sharing their experiences publicly. One user said they lost $300,000 in under four minutes, underscoring how quickly the exploit played out once wallets were compromised.
Why is crypto theft getting worse in 2025?
The Trust Wallet breach isn't an isolated incident. It fits into a broader surge in crypto crime that has defined 2025. As digital assets pushed further into the mainstream, attackers followed the money, targeting everything from major exchanges to individual wallets.
Data from Chainalysis shows that more than $2.7 billion was stolen in crypto this year, making 2025 the worst year on record for digital asset theft. The largest single incident came from Dubai-based exchange Bybit, where hackers made off with roughly $1.4 billion, accounting for more than half of all losses this year. Investigators later linked the attack to North Korean state-backed hacking groups, and it now stands as the biggest crypto theft ever recorded, surpassing the Ronin Network and Poly Network hacks from 2022.
North Korean groups alone are estimated to be responsible for nearly $2 billion of the total stolen in 2025. These aren't opportunistic attacks. They're highly coordinated operations, often planned months in advance, with stolen funds believed to support sanctioned weapons and nuclear programs.
At the same time, risk has spread well beyond large platforms. Decentralized exchange Cetus lost about $223 million, Balancer lost $128 million, and Phemex suffered losses of roughly $73 million. Individual users were also hit hard, with funds drained through phishing links, fake apps, and compromised private keys. These smaller thefts rarely dominate headlines, but together they erode trust just as effectively.
The Trust Wallet incident highlights a harsh reality for crypto in 2025. Even well-known platforms are vulnerable, and basic security failures can have immediate, irreversible consequences. While exchanges and protocols continue to invest in stronger defenses, the combination of rapid adoption and highly organized attackers means risk remains persistent.
As the year closes with record-breaking losses, the message for users is becoming harder to ignore. Whether you are managing millions or holding modest balances, caution, verification, and secure practices are no longer optional.



