Trust Wallet owner Binance has promised to replace those funds lost during the attack
Users of Trust Wallet were hit by a security breach on Christmas Day that led to losses estimated at around $7 million. The attack targeted desktop users running an outdated browser extension and was the result of weeks of preparation, according to blockchain security researchers.
Trust Wallet confirmed that version 2.68 of its browser extension had been compromised and urged users to update to version 2.89 immediately. The wallet provider said the issue did not affect mobile users, but acknowledged that the exploit allowed attackers to drain funds from affected accounts.
Changpeng Zhao, co-founder of Binance, which owns Trust Wallet, said the company plans to reimburse users who lost funds. Trust Wallet claims to serve more than 220 million users globally, making the incident one of the more visible wallet breaches this year.
Researchers from SlowMist said the attacker began laying groundwork in early December. A backdoor was reportedly planted days before Christmas, allowing funds to be moved out while also collecting personal user data. The activity was discovered once transfers began on December 25.
Onchain investigator ZachXBT said hundreds of users were impacted. Some analysts raised concerns about possible insider involvement, noting that the attacker appeared to have deep knowledge of the extension’s code and was able to submit a malicious update.
Wallet-related hacks remain a growing concern across the industry. Data from Chainalysis shows personal wallet compromises made up a large share of crypto thefts in 2025, even as overall hack activity showed signs of slowing.
