Binance Word of the Day 24 Dec 2025: Complete Answers and Claim Your BNB Rewards Today

 

Trust Wallet Confirms 2,596 Victims in Browser Extension Breach as Fake Claims Flood Compensation Process

Trust Wallet has released a new update shedding light on a major security breach that impacted its browser extension, revealing the scale of the incident and the growing challenges facing its compensation process. The breach, tied specifically to Trust Wallet browser extension version 2.68, resulted in the unauthorized draining of more than $6 million in user funds over a three-day period in late December.

According to the company’s latest findings, exactly 2,596 wallet addresses have now been conclusively identified as victims of the attack. However, the reimbursement effort has proven far more complex than anticipated, as Trust Wallet has received nearly double that number in compensation claims. Many of these submissions, the company says, appear to be false or duplicated.

The update was shared publicly by Trust Wallet CEO Eowyn Chen as the investigation continues into what is being described as one of the most serious supply-chain security incidents involving a crypto wallet in 2025.

Source: Eowyn Chen 

What Happened in the Trust Wallet Extension Breach

The incident occurred between December 24 and December 26, when a compromised update to the Trust Wallet browser extension was distributed to users. Investigators believe the breach originated from a supply-chain vulnerability, allowing malicious code to be inserted into version 2.68 of the extension.

Once installed, the compromised version enabled attackers to gain unauthorized access to user wallets, leading to rapid and silent fund drains. By the time the issue was detected and the affected version was pulled, millions of dollars had already been siphoned off.

Trust Wallet immediately advised users to stop using the browser extension version 2.68 and migrate funds to new wallets. Warning messages were also pushed directly to affected devices in an effort to prevent further losses.

Confirmed Victims Versus Claims Submitted

After weeks of analysis, Trust Wallet says it has now confirmed that 2,596 wallet addresses were directly impacted by the breach. This figure is based on on-chain analysis, internal logs, and forensic review of transaction patterns linked to the compromised extension.

Despite this, the company has received approximately 5,000 compensation claims from users seeking reimbursement. According to Trust Wallet, a significant portion of these claims cannot be substantiated.

Source: Xpost

Eowyn Chen stated that many of the submissions appear to be either duplicate claims from the same users or entirely false claims submitted by individuals whose wallets were not affected by the breach. This discrepancy has forced the company to slow the reimbursement process in order to protect legitimate victims.

Trust Wallet emphasized that accuracy is being prioritized over speed, as improper payouts could undermine the integrity of the compensation program and divert funds away from users who were genuinely impacted.

Challenges in Verifying Legitimate Claims

Verifying ownership of affected wallets has become one of the most time-consuming aspects of the response. Unlike traditional financial institutions, crypto wallets do not contain built-in identity verification, making it difficult to prove ownership without exposing users to additional security risks.

Trust Wallet says it is using multiple verification checkpoints to authenticate claims. These include transaction history analysis, device metadata, and cross-referencing wallet activity with the known behavior of the malicious code used in the attack.

The company has acknowledged that this process is frustrating for users awaiting compensation, but insists it is necessary to prevent abuse of the system and to ensure that funds are distributed fairly.

Ongoing Forensic Investigation Into the Breach

While the compensation process continues, Trust Wallet is also conducting an extensive forensic investigation to determine how the compromised update was distributed and why existing safeguards failed to detect it sooner.

The company confirmed that Google has escalated its involvement in the case. Audit logs from the Chrome Web Store are expected to be released soon, which may provide critical insight into whether the breach occurred during the upload, review, or distribution phase of the extension update.

Trust Wallet is also collecting and analyzing devices used by remote workers who were involved in development or deployment processes. Some of these devices are being physically shipped to the company’s security team for deeper inspection. Although logistical delays have slowed parts of the investigation, Trust Wallet says it has already developed several strong working theories regarding the origin of the breach.

Scope of Risk and Current User Safety

Trust Wallet has repeatedly stated that the breach was limited strictly to browser extension version 2.68 and that users who were not running this version are not affected. The company has also clarified that there is no ongoing threat once users migrate away from the compromised wallets.

To reinforce this message, warning alerts continue to appear on devices that still have the affected version installed. Users who do not see these warnings are believed to be unaffected and do not need to take further action.

The company has emphasized that Trust Wallet’s mobile applications and other versions of the extension were not compromised.

Why This Incident Matters for the Crypto Industry

The Trust Wallet breach highlights ongoing concerns around supply-chain security in the crypto ecosystem. As wallets and infrastructure tools grow more complex, attackers are increasingly targeting update mechanisms rather than users directly.

Supply-chain attacks are particularly dangerous because they exploit trust in official software distribution channels. In this case, users installed what they believed was a legitimate update from a trusted source, only to unknowingly expose their assets.

Security experts say incidents like this underscore the need for stricter code auditing, multi-layered verification, and real-time anomaly detection in wallet software.

Industry Reaction and Broader Implications

The breach has drawn attention across the crypto industry, raising questions about how wallet providers manage extension security and respond to large-scale incidents. While Trust Wallet’s transparency has been praised by some observers, others argue that the incident reveals structural weaknesses common across many crypto tools.

Regulators are also paying closer attention to wallet security practices, particularly as browser extensions remain one of the most widely used interfaces for interacting with decentralized applications.

What Comes Next

Trust Wallet says further updates on both the forensic investigation and the compensation process could be released as early as the next day. The company has pledged to keep users informed as new findings emerge.

For now, affected users are encouraged to follow official guidance, complete the verification process carefully, and remain cautious of scams attempting to exploit the situation.

As the investigation continues, the Trust Wallet breach stands as a reminder that even widely trusted crypto platforms remain vulnerable to sophisticated attacks, and that security remains one of the industry’s most pressing challenges.

hokanews.com – Not Just Crypto News. It’s Crypto Culture.

Writer @Erlin
Erlin is an experienced crypto writer who loves to explore the intersection of blockchain technology and financial markets. She regularly provides insights into the latest trends and innovations in the digital currency space.
 
 Check out other news and articles on Google News

Disclaimer:

The articles published on hokanews are intended to provide up-to-date information on various topics, including cryptocurrency and technology news. The content on our site is not intended as an invitation to buy, sell, or invest in any assets. We encourage readers to conduct their own research and evaluation before making any investment or financial decisions.
hokanews is not responsible for any losses or damages that may arise from the use of information provided on this site. Investment decisions should be based on thorough research and advice from qualified financial advisors. Information on HokaNews may change without notice, and we do not guarantee the accuracy or completeness of the content published.

Related Posts