Trust Wallet exploited over Christmas, ~$7 million stolen, suspected insider involvement
🔷 The Trust Wallet browser extension v2.68 was compromised with a backdoor, mainly affecting desktop users. Trust Wallet recommends updating to v2.89 immediately.
🔷 Changpeng Zhao (CZ) – co-founder of Binance (which owns Trust Wallet) confirmed that Binance will fully compensate all losses.
🔷 According to SlowMist, the attacker prepared since Dec 8, planted the backdoor on Dec 22, and drained funds on Christmas Day. The malware also collected personal data and sent it to the attacker’s server.
🔷 ZachXBT reported that hundreds of users were affected. Several experts (including Anndy Lian) and CZ believe this was likely an insider attack, as the attacker was able to push a malicious extension version onto the official website.
🔷 Chainalysis noted that excluding the $1.4B Bybit hack, personal wallet exploits accounted for 37% of total stolen value in 2025, highlighting rising risks for individual users.
➡️ Recommendation: Trust Wallet users should update immediately, scan their computers for malware, and follow official compensation announcements from Binance/Trust Wallet.
