TrustWallet Chrome Extension Hack Drains ~$7M by Stealing Seed Phrases

Published: 2025-12-26 13:02:12 |

Binance-backed Trust Wallet’s Chrome extension (v2.68.0) was compromised on Dec 24, 2025 after malicious JavaScript disguised as analytics (notably file 4482.js) was injected into the extension. The payload captured seed phrases and wallet activity when users imported or accessed mnemonics, then exfiltrated data to lookalike domains branded as TrustWallet metrics. Attackers used stolen seeds to autonomously restore wallets and withdraw assets across Bitcoin, Solana, BNB Smart Chain and multiple EVM L2s without requiring transaction approvals. Approximately $7 million was drained and rapidly consolidated through services including ChangeNOW, FixedFloat, KuCoin and HTX. Trust Wallet released an updated extension (v2.69.0), urged immediate upgrades or disabling the extension, and said it will refund affected users though details remain pending. The incident highlights a likely supply‑chain or malicious-code injection targeting browser extension imports and underscores acute seed phrase risk for browser wallets. Traders should treat this as a warning: avoid using browser wallet extensions until updates are audited, move funds to hardware or official mobile wallets, rotate keys, monitor suspicious addresses, and expect potential short-term downward pressure on affected tokens (including TWT). Primary keywords: TrustWallet hack, seed phrase theft, browser extension malware; secondary keywords: Chrome extension compromise, wallet security, supply-chain attack.

Bearish

The hack directly undermines trust in the Trust Wallet ecosystem and the TWT token. News that a widely used Chrome extension exfiltrated seed phrases and led to roughly $7M in drains increases short-term selling pressure on TWT as users and bots react to security risk and potential refunds uncertainty. Traders are likely to move holdings out of perceived-risk assets, rotate into safer custody (hardware wallets or audited mobile apps) and reduce exposure to extension-dependent tokens. Liquidity for affected tokens may thin as holders withdraw or consolidate, amplifying volatility and downward price moves in the short term. In the medium-to-long term, impact depends on Trust Wallet’s remediation, clarity on refunds, and whether developers or marketplaces regain user confidence; if effective fixes and compensation are credible, negative pressure could ease. However, repeated or visible supply-chain attacks typically keep investor risk premiums higher for the token and related extension‑dependent assets.