Cryptocurrency Wallet Trust Wallet Hacked at Year-End: $7 Million Stolen, Binance Promises Full Compensation

Year-End Security Alert: Major Security Vulnerability Discovered in Trust Wallet Browser Extension, a Cryptocurrency Wallet Service Provider, Leading to Theft of Approximately $7 Million in User Funds. Binance Founder CZ Confirmed on Social Media that Full Compensation Will Be Provided to All Affected Users. This Incident Once Again Highlights the Increasingly Severe Security Risks Faced by Digital Asset Holders and Serves as a Wake-Up Call for the Entire Industry.

Hacker Attack Timeline Emerges

According to an investigation by blockchain security firm SlowMist, this meticulously planned cyber attack was more premeditated than it appeared. SlowMist founder Yu Xian revealed that preparations for the attack had quietly begun as early as early December. Specifically, hackers started preparing at least from December 8, successfully implanting a backdoor in Trust Wallet v2.68 in mid-December. Subsequently, on Christmas Day (December 25), they began large-scale transfers of user funds, which were eventually discovered by the official team.

This detailed timeline indicates that the entire attack chain was tightly linked, demonstrating that the attackers had in-depth knowledge and preparation for the target system.

Backdoor Code Mechanism Revealed, Privacy Leak Risks Are Astonishing

Technical analysis is even more concerning. SlowMist pointed out that malicious backdoor code collected data via a tool called PostHog, not only stealing users’ transaction records but also including highly sensitive personal information such as wallet seed phrases. The collected data was then sent to a server controlled by the attackers at (api.metrics-trustwallet[.]com). This means that affected users’ cryptocurrency wallets face not only the risk of direct fund theft but also comprehensive privacy breaches.

Trust Wallet officially posted on social platforms, urging users to immediately upgrade to v2.69, which has removed the backdoor code.

Industry Clouded by Internal Suspicions

Industry insiders have raised an unsettling hypothesis: this vulnerability likely involved internal personnel. The reason is that the attacker was able to directly submit new versions of the extension through Trust Wallet’s official channels, a capability far beyond normal external hacking methods. SlowMist also noted that the attacker demonstrated a “very familiar” level of knowledge of Trust Wallet’s source code, further strengthening the possibility of insider involvement.

CZ himself did not deny this hypothesis in his response, actually acknowledging the possibility of internal personnel participation. The official is currently investigating how the hacker gained the authority to submit new versions.

Cryptocurrency Wallet Security Crisis Spreads, Industry Data Is Shocking

This Trust Wallet incident is not isolated. According to data from blockchain analysis firm Chainalysis, the number of personal wallet thefts in 2025 has surged to 158,000 incidents, resulting in approximately $713 million in losses. Although the total stolen amount has decreased compared to 2024, the frequency of thefts remains high. Even more shocking, these 158,000 incidents affected 80,000 different victims, highlighting the widespread nature of the problem.

Earlier in February, a major theft at the Bybit exchange resulted in losses of about $1.5 billion, further reminding market participants that the security risks of crypto assets are not limited to a single platform or product.

User Emergency Guidelines and Industry Lessons

For Trust Wallet users, the official recommends taking the following immediate actions: first, verify the browser extension version; if not upgraded to v2.69 or above, update immediately; second, consider changing wallet seed phrases and migrating assets to secure offline storage devices; third, monitor all account activities related to the wallet to ensure no further fund losses.

This incident has sounded an alarm for the entire cryptocurrency wallet industry. Companies need to strengthen security processes, code audits, and employee management across multiple areas. Users should carefully evaluate the security track record and technical strength of platforms when choosing cryptocurrency wallet services. While CZ’s full compensation commitment has maintained user confidence, this security crisis serves as a warning to the entire industry: insufficient security investment and poor risk management will come at a very high cost.