This article was first published on TurkishNY Radio.
A new alert is circulating after Trust Wallet said 36,000 browser wallets remain currently compromised following a malicious extension update that appeared during the December holiday period. The company said impacted users were notified through a security banner and app alerts, while users without a notification are not considered affected.
What happened, and why the window matters
In an incident update, an unauthorized version of its browser extension, v2.68, was published to the Chrome Web Store outside the normal release process on December 24, 2025. The company said the malicious code could access sensitive wallet data and enable unauthorized transactions when users opened the extension and logged in during the window of December 24–26.
That window sounds short, but exposure can outlive the bug. If sensitive information was captured while the malicious build was active, attackers may retain what they need to try again, which is why Trust Wallet has framed the response as migration, not just updating software.
What the company is telling impacted users to do
The support guidance tells users on v2.68 to avoid opening the extension until it is updated to v2.69, verify the version, create a new wallet, and move assets away from the old one. The company also told users to ignore impersonators and to use official support channels for claims.
How it may have bypassed normal checks
The company said early findings point to an external publishing method that used a leaked API key and bypassed mandatory review steps. It also said it has high confidence the incident is tied to a wider supply-chain campaign known as Sha1-Hulud, and Trust Wallet said teams mobilized immediately to contain losses and continue the investigation.
Loss estimates, reimbursement, and a quick market read
The latest disclosure tied the incident to 2,520 drained wallet addresses and about $8.5 million linked to 17 attacker-controlled addresses. trust wallet said it will reimburse verified victims and is building an ownership verification workflow after receiving thousands of claims, including duplicates and suspected false submissions.
At the time of writing, Trust Wallet Token (TWT) traded around $0.914, and traders often track whether stolen funds consolidate on-chain and begin moving toward exchange deposit addresses.
Conclusion
For Trust wallet, the message is repetitive for a reason: notified wallets should be treated as compromised, funds should be migrated to fresh credentials, and claims should be verified so scammers do not profit twice. For the wider ecosystem, the episode is a reminder that browser wallets inherit software supply-chain risk, where attackers can exploit update paths, especially when markets are moving fast.
Frequently Asked Questions
How can someone tell whether a wallet is affected?
The company has said impacted users were directly notified through a security banner and app alerts, while users without a notification are not considered affected.
Does trust wallet affect mobile-only users in this incident?
The company has said the incident impacted only browser extension version 2.68, and mobile-only users and users on other extension versions are not affected.
What should a notified user do first?
The guidance is to update to v2.69 or later before using the extension, then move funds to a newly created wallet and stop using the old one.
Glossary of key terms
Recovery phrase: A set of words that restores a wallet and grants control of funds.
Supply-chain attack: An intrusion that delivers malicious code through trusted distribution or dependencies.
Wallet drainer: Malware that steals funds by triggering unauthorized transfers to attacker-controlled addresses.
References
