Trust Wallet users lost about $7 million in a Christmas Day exploit that had been planned since early December.
Trust Wallet’s browser extension version 2.68 was compromised by a security incident impacting desktop users, Trust Wallet said in a Thursday X post; it advised users to upgrade to version 2.89.
Changpeng Zhao, co-founder of Binance, which owns the cryptocurrency wallet that claims to serve 220 million users, said in a Friday X post that the lost funds will be covered.
Cryptocurrency wallet exploits have been an increasing threat to digital asset investors. Personal wallet compromises accounted for 37% of the value stolen in 2025, if the $1.4 billion Bybit hack in February is excluded, according to Chainalysis.
Still, the $7 million Trust Wallet exploit pales in comparison to some of the biggest wallet hacks. In February 2024, the co-founder of play-to-earn game Axie Infinity, Jeff Zirlin, lost $9.7 million worth of Ether (ETH) to a suspected wallet exploit.
Related: Crypto hack counts fall but supply chain attacks reshape threat landscape
Crypto industry watchers raise insider concerns following Trust Wallet exploit
The orchestrators of the attack on Trust Wallet had been preparing the exploit as early as Dec. 8, wrote Yu Xian, co-founder of blockchain security firm SlowMist, in a Friday X post. A machine translation of his post read:
“The attacker started preparations at least on [Dec. 8], successfully implanted the backdoor on [Dec. 22], began transferring funds on [Christmas Day], and thus was discovered.”
The backdoor code was also collecting users’ personal information, which was sent to the attacker’s server.
According to onchain detective ZachXBT, “hundreds” of Trust Wallet users were affected.
Some industry watchers pointed to signs of potential insider activity from the exploit, as the attacker was able to submit a new version of the Trust Wallet extension on the website.
“This kind of ‘hack’ is not natural. The chances of insider is high,” intergovernmental blockchain adviser Anndy Lian wrote in a Friday X post.
Related: CZ proposes fix to address poisoning after investor loses $50M
Zhao agreed that the exploit was “most likely” an insider.
SlowMist’s Xian also noted that the attacker was “very familiar with the Trust Wallet extension’s source code,” which enabled them to implement the backdoor code necessary to collect sensitive user information.
Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why
