Trust Wallet Extension Hack Drains $6.77M — Possible Insider Compromise

Published: 2025-12-26 08:14:49 |

Trust Wallet confirmed a security incident affecting its browser extension version 2.68 that led to approximately $6.77 million in user funds being stolen. The attack exploited malicious code in an extension update; on-chain tracking shows the attacker moved about $4.25 million to centralized platforms including KuCoin, HTX, ChangeNOW and FixedFloat. Mobile wallet users and other extension versions were not affected; Trust Wallet urged web-extension users to upgrade immediately to version 2.69. Binance co‑founder Changpeng Zhao (CZ), who holds a majority stake in Trust Wallet, said the company will cover the losses. Community members raised concerns the injected code was trivially detectable and have alleged a possible insider role in the compromised update. The incident briefly pressured the Trust Wallet Token (TWT) price (from $0.82 to $0.76) before it recovered to around $0.82. Key takeaways for traders: the hack targets browser-extension users (not mobile), affected assets include BTC, ETH, USDT, USDC and BNB, immediate risk to web-extension holders remains until they upgrade, and the issuer’s promise to reimburse could mitigate longer-term reputational damage but does not eliminate governance and security concerns.

Bearish

The news is bearish for short-term market sentiment around Trust Wallet-related assets and browser-extension usage. A $6.77M exploit undermines user trust in non-custodial browser extensions, prompting immediate risk-off behavior among affected users and potentially broader caution among retail holders. The attacker moved significant funds to centralized exchanges, increasing selling pressure on stolen assets; wallet reimbursements by CZ/Trust Wallet may limit long-term price damage but do not remove structural concerns about update controls, code review and insider risk. Historical parallels: past extension and hot-wallet exploits (e.g., multiple MetaMask/phishing extension incidents) have caused short-term sell-offs and volatility but often limited long-term market decline when teams reimburse or patch quickly. Expect: short-term increased volatility for TWT and tokens concentrated in affected wallets, potential outflows from web-extension users to hardware/mobile wallets, and heightened attention from exchanges and auditors. Long-term impact depends on Trust Wallet’s remediation, transparency, and any governance/operational changes — if trust is restored quickly the effect will be muted; if evidence of insider involvement emerges, reputational damage could be more persistent and lead to sustained downside for TWT.