Trust Wallet users lost approximately $7 million in a coordinated exploit that unfolded on Christmas Day, capping off a year marked by growing concerns over wallet security.
The attack targeted desktop users running Trust Wallet’s browser extension version 2.68.
The company confirmed the breach in a public statement and urged users to immediately upgrade to version 2.89.
Attack Planned Weeks in Advance
Blockchain security firms revealed that the exploit had been in preparation since early December.
Yu Xian, co-founder of cybersecurity firm SlowMist, said attackers began laying the groundwork as early as Dec. 8.
“The attacker started preparations at least on [Dec. 8], successfully implanted the backdoor on [Dec. 22], began transferring funds on [Christmas Day], and thus was discovered.”
The malicious code included a backdoor that harvested users’ personal information and transmitted it directly to servers controlled by the attacker.
Binance Founder Pledges User Compensation
Changpeng Zhao, co-founder of Binance, which owns Trust Wallet, addressed the incident publicly.
Zhao said the stolen funds would be fully covered, reassuring affected users amid growing scrutiny.
Trust Wallet claims to serve around 220 million users globally, making the incident one of the more visible wallet security failures of the year.
Wallet Exploits on the Rise
The Trust Wallet incident fits into a broader pattern of increasing personal wallet compromises.
Blockchain analytics firm Chainalysis reported that personal wallet hacks accounted for 37% of the total value stolen in 2025, excluding a major exchange breach earlier in the year.
While $7 million is relatively small compared to some historic exploits, it still underscores persistent vulnerabilities in wallet software.
In February 2024, Axie Infinity co-founder Jeff Zirlin lost $9.7 million worth of Ether in a suspected wallet exploit.
Insider Activity Raises Alarm
Several industry observers raised concerns that the Trust Wallet exploit may have involved insider access.
Onchain investigator ZachXBT estimated that “hundreds” of users were affected by the attack.
Some analysts pointed to the attacker’s ability to submit a malicious version of the browser extension as a red flag.
“This kind of ‘hack’ is not natural. The chances of insider is high,” intergovernmental blockchain adviser Anndy Lian wrote.
Zhao later agreed that the exploit was “most likely” the result of insider involvement.
Familiarity With Source Code Questioned
SlowMist’s Xian noted that the attacker demonstrated deep familiarity with Trust Wallet’s source code.
That knowledge enabled the precise insertion of backdoor functionality without triggering immediate detection.
The incident has intensified calls for stricter internal controls, code audits and extension distribution safeguards across the crypto wallet industry.
Market Context
This incident comes amid the crypto market experiencing a drawdown and retail interest plummeting to bear market lows.
Bitcoin is currently trying to hold the $87,000 support level, but many crypto traders are cautious about the future outlook for the coming months.
