Trust Wallet go reimburse $7M after Christmas browser-extension hack

Binance co‑founder Changpeng Zhao (CZ) talk say Trust Wallet go refund about $7 million after one bad browser extension update (v2.68.0) commot money on Christmas Day. Security company SlowMist and independent researchers report say the compromised extension get backdoor wey dey leak sensitive user data — including seed phrases — go attacker‑controlled endpoint (api.metrics-trustwallet[.]com). Investigators build timeline wey show say preparations start around Dec 8, backdoor inject on Dec 22, and money transfer start Dec 25. Trust Wallet release patched desktop extension (v2.69.0) and tell users make dem upgrade; some earlier reports mention v2.89.0 for some advisories. Industry observers and on‑chain analysts note say the incident fit need insider knowledge or sabi Trust Wallet code or release process because attackers fit publish malicious update. Chainalysis data wey dem cite put 2025 crypto thefts into billions year‑to‑date and show more attacks wey target individual wallets. CZ talk say user funds safe (SAFU) as team dey continue investigate how the malicious version comot. Key takeaways for traders: wallet‑extension vulnerabilities still dey active attack vector; short‑term sell pressure fit affect related on‑chain activity or asset flows if confidence in desktop wallet security fall; affected users go get reimbursed, which fit limit long‑term market disruption.