Trust Wallet has been hacked, and the reported losses continue to rise, now reaching $7M.
A major security breach has once again exposed the risks of browser-based Web3 wallets.
Trust Wallet’s Chrome extension version 2.68 was compromised through a supply-chain attack, where malicious code disguised as an analytics tool was used to steal users’ seed phrases and funds.
The incident has been officially confirmed, with losses exceeding $6 million, mainly impacting users who entered their recovery phrases. Trust Wallet has since released an emergency update v2.69 and urged users to upgrade immediately.
Market sentiment quickly turned tense as discussions surged across social platforms. Security firms SlowMist and PeckShield warned that vulnerabilities may still exist, noting that part of the stolen funds has already flowed into centralized exchanges. CZ later reassured users, stating that Trust Wallet will compensate losses and that user funds remain protected.
Risks & safety advice:
This attack highlights serious weaknesses in wallet extension update mechanisms. Users are strongly advised to update immediately, rotate their seed phrases, and move assets to new wallets if they were exposed.
