Trust Wallet browser extension hacked, $6 million worth of crypto assets lost
Wallet Security Alert: Trust Wallet Browser Extension Vulnerability Leads to Massive Asset Loss
Recently, Trust Wallet officially confirmed a serious security vulnerability in its browser extension, resulting in unprecedented user losses. According to on-chain analyst ZachXBT’s tracking, over $6 million (approximately 480 million INR) worth of crypto assets were stolen in this incident, affecting hundreds of users. This event once again sounds the alarm on wallet security.
Vulnerability Details Revealed: Version 2.68 Hit Hard
The issue was first exposed by ZachXBT within the community. The analyst discovered that Trust Wallet users experienced a rapid loss of assets, with abnormal transactions frequently appearing on the blockchain. Investigation confirmed that browser extension version 2.68 contained a critical vulnerability, allowing hackers to directly gain access to user wallets through this flaw.
It is noteworthy that this vulnerability only affected the browser extension; mobile app users were not impacted. Trust Wallet quickly issued an emergency notice, urging affected users to disable version 2.68 immediately and upgrade to version 2.69 with the patch.
Hacker Techniques Revealed: Flash Loan Transfers of Dirty Assets
According to on-chain tracking data, the hackers used flash loan mechanisms to quickly move the stolen assets. Over $4 million worth of stolen crypto assets have been confirmed to have flowed into centralized exchanges in an attempt to cash out. This method indicates a high level of professionalism and premeditation by the attackers.
This is Trust Wallet's second major security incident, following the November 2022 WebAssembly vulnerability (which caused a loss of $170,000). The current loss is 35 times larger than the previous one.
How Can Users Protect Themselves? Official Four-Step Security Guide
In response to this urgent situation, Trust Wallet has provided clear protective advice:
Step 1: Update Immediately
Upgrade the browser extension to the latest version 2.69 as soon as possible to ensure security patches take effect.
Step 2: Transfer Assets
Move digital assets from the browser version to the mobile app. The latter features biometric authentication (fingerprint, facial recognition), offering higher security.
Step 3: Regular Checks
Review wallet transaction records item by item to spot abnormal activity early. Early detection can effectively limit potential losses.
Step 4: Follow Official Announcements
Trust Wallet states that it is actively investigating the root cause of the incident, and related compensation plans are still under evaluation. Users should stay tuned for further official updates.
Uncertain Compensation Outlook: Industry Responsibility Under Test
Trust Wallet fully compensated users after the 2022 incident, but the current loss of up to $6 million has put significant financial pressure on the company. As of December 2025, no official compensation plan has been announced, and many affected users are still awaiting clear responses.
This incident once again exposes the inherent risks of browser wallets as entry points. Security vulnerabilities in self-custody wallets still exist, and calls for unified industry standards and regulation of wallet security are growing louder.
Warnings and Reflection: Regular Updates Remain the Best Defense
The two consecutive security incidents involving Trust Wallet demonstrate that even well-known wallets cannot completely avoid risks. This serves as a wake-up call for the entire industry.
The best protective strategies for users include:
This incident also highlights the need for the industry to establish stricter security standards and emergency response mechanisms to safeguard assets for millions of users.