Express
Trust Wallet to Voluntarily Compensate Users Affected by Wallet Security Incident
Summary: During the period from December 24 to 26, 2025, Trust Wallet Browser Extension v2.68 was compromised due to API key leakage, leading to the upload of malicious code. This incident affected 2520 wallet addresses that logged into the extension during this period, resulting in approximately $8.5 million in assets being stolen. Investigations indicate that this ...
During the period from December 24 to 26, 2025, Trust Wallet Browser Extension v2.68 was compromised due to API key leakage, leading to the upload of malicious code. This incident affected 2520 wallet addresses that logged into the extension during this period, resulting in approximately $8.5 million in assets being stolen. Investigations indicate that this attack is related to the industry-wide supply chain attack Sha1-Hulud that occurred in November, with the attackers gaining access to the Chrome Web Store API through leaked GitHub credentials. Trust Wallet has decided to voluntarily compensate affected users and is currently finalizing the compensation process and ownership verification procedures, while also reaching out to the official victims. Trust Wallet advises affected users to immediately transfer funds to a new wallet and submit a claim through the official form. Over 5000 claims have been received so far, with the team conducting individual reviews of each case. Additionally, Trust Wallet has released the patched version 2.69 and disabled relevant publishing permissions and credentials.
Tags:
Link: Trust Wallet to Voluntarily Compensate Users Affected by Wallet Security Incident [Copy]
