
Trust Wallet Pledges To Cover $7M Lost In Christmas Day Hack, CZ Says

  • Trust Wallet Hack drained $7M via a browser extension flaw, with attackers planning the breach weeks ahead.
  • Binance confirmed refunds for all victims as experts flagged possible insider access behind the exploit.
  • Hack exposed gaps in update reviews, as stolen funds and user data affected hundreds of wallets.

A Trust Wallet Hack exposed serious security gaps after attackers quietly stole nearly $7 million from users during the Christmas holiday. The breach targeted desktop users through a compromised browser extension and went unnoticed for days. Investigators later revealed the operation was planned weeks ahead, making it a calculated attack rather than an opportunistic strike.

Trust Wallet said the attack was limited to browser extension version 2.68 and not their mobile apps. The company recommended that users update the app to version 2.89, which contains security fixes meant to prevent the exploit from working. Binance-owned Trust Wallet is one of the largest crypto wallets, with more than 220M users around the world.

Zhao Confirms User Refunds After Trust Wallet Hack

Binance co-founder Changpeng Zhao addressed the public about the hack following reports of a breach. Trust Wallet will refund all users affected and take a hit for the losses, he said. Zhao admitted that the hack was a very serious breach and that rebuilding users’ trust was crucial in a time when crypto security is increasingly coming under scrutiny.

Additional analysis revealed that the Trust Wallet Hack had been actively ongoing since the beginning of December. Yu Xian, cofounder of blockchain security firm SlowMist, disclosed that the exploit was not carried out until December 8. On December 22, the attackers managed to inject a harmful backdoor into the extension. Money was then moved out on Christmas Day, with the breach eventually discovered at that point.

Source: COS

The malicious code did not just drain digital assets. Investigators found that it also collected personal user information, which was sent to servers controlled by the attacker. According to ZachXBT, a blockchain researcher, the attack affected hundreds of users, which suggests that it was not limited to a small number of victims.


The industry has serious concerns over how the exploit was executed. The attacker was able to pass a modified version of the extension through official distribution platforms. This led some professionals to suspect that internal access was a factor.

Experts Flag Possible Insider Role in Trust Wallet Breach

Anndy Lian, who serves as an intergovernmental blockchain adviser, described the event as very peculiar and believed there was a high chance of insider involvement. Zhao subsequently claimed that the hack was most likely done with insider information.

SlowMist's Xian noted that the attacker also showed a deep understanding of Trust Wallet’s source code. That familiarity helped the backdoor look legitimate and so avoid early detection. Security experts say the issue reflects vulnerabilities in internal review processes and in the systems that approve updates.

The Trust Wallet Hack is one of several cryptocurrency wallet thefts in 2025. Personal wallet hacks have made up about 37% of the value lost in stolen cryptocurrency this year, not including the $1.4 billion Bybit hack in February, according to Chainalysis. Though the Trust Wallet losses were not as large as in some previous attacks, they point again to ongoing risks.

Source: Chainalysis

Industry leaders warn that the breach serves as another reminder to continuously monitor crypto security. Star Xu, the founder of OKX, said that these types of incidents demonstrate that security work is never done, and even trusted platforms can be vulnerable if proper precautions are not taken.

