Trust Wallet Launches $7M Compensation Fund After Chrome Extension Exploit Exposed Seed Phrases
Trust Wallet just dropped a $7 million bomb on its own balance sheet—and it's not an investment. The popular crypto wallet is scrambling to make users whole after a critical vulnerability in its Chrome browser extension left seed phrases dangerously exposed.
The Breach That Broke the Vault
The exploit didn't need to pick a lock; it found a window left wide open. A flaw in the extension's architecture allowed malicious actors to potentially siphon off the very keys to users' digital kingdoms. No complex hack, just a simple oversight with catastrophic potential. The $7 million fund isn't generosity—it's a calculated cost of doing business when that business is safeguarding billions in digital assets.
Trust's $7M Mea Culpa
Announcing a compensation plan is one thing. Delivering it is another. Trust Wallet now faces the monumental task of verifying claims and processing payouts without creating another vulnerability in the process. The move sets a precedent, forcing the entire industry to ask: when your code fails, does your treasury step up? Some traditional finance veterans might scoff at the sum, calling it a rounding error compared to the bailouts they're used to—just without the taxpayer-funded safety net.
The New Security Standard
This isn't just a bug fix. It's a line in the sand. The incident exposes the fragile trust in browser-based crypto tools and pushes self-custody solutions to prove they're more secure than the exchanges they aim to replace. Active development and aggressive audits are no longer nice-to-haves; they're the price of admission.
Trust Wallet's multi-million dollar apology fund is a stark reminder: in crypto, you're only as good as your last line of code. And sometimes, that code costs you $7 million to rewrite.
Trust Wallet Contacts Victims as Scammers Exploit Breach Fallout
In a statement posted on X on December 26, Trust Wallet acknowledged the disruption caused by the breach and said its support team had already begun contacting impacted users.
Update on Trust Wallet Browser Extension v2.68 Security Incident: Compensation Process
To start the compensation process, affected users should please complete this form: https://t.co/xlBLrL6kMj to help us process your case.
Our support team is prioritizing all the victims from… https://t.co/yaqFNLxuyx
The company added that each case requires careful verification to ensure accuracy and security and promised to provide ongoing updates as the process moves forward.
At the same time, Trust Wallet warned users to remain vigilant against scams, noting an increase in fake compensation forms, impersonated support accounts, and unsolicited direct messages circulating on Telegram and other platforms.
The compensation announcement followed confirmation of the breach on December 25, when Trust Wallet disclosed that only version 2.68 of its Chrome browser extension was affected.
Blockchain investigator ZachXBT first drew attention to the incident after multiple users reported unauthorized fund outflows shortly after installing the update.
Multiple Trust Wallet users experienced unauthorized fund outflows on Thursday due to a new browser extension theft. Losses are estimated to surpass $6 million.#TrustWallet #CryptoTheft #TrustWalletThefthttps://t.co/mchzwWAHK3
Trust Wallet later urged users running the compromised version to disable it immediately and upgrade to version 2.69.
According to ZachXBT, the number of victims climbed into the hundreds within hours, with more than $6 million siphoned across several blockchains, including Bitcoin, Solana, and EVM-compatible networks.
Several users said their wallets were drained within minutes, with one account on X claiming losses exceeding $300,000, though ZachXBT later flagged that specific account as suspicious.
How a Chrome Extension Update Turned Into a Wallet Heist
Investigators and users reported that the malicious extension appeared legitimate when installed through Chrome’s normal update process.
However, the embedded code allowed attackers to extract users’ recovery phrases, enabling immediate access to their funds.
One user warned that simply importing a seed phrase into the extension triggered instant wallet draining.
Browser extensions typically operate with elevated permissions, giving them access to web pages, storage, and browsing data, which makes them a powerful target for attackers when abused.
Trust Wallet said mobile app users and those running other versions of its browser extension were not impacted. The Chrome extension itself has roughly one million users, according to its Web Store listing.
In a separate post, Changpeng Zhao, the founder of Binance, which acquired Trust Wallet in 2018, confirmed that all verified losses WOULD be covered. Zhao estimated the total affected amount at around $7 million and said user funds would be reimbursed.
So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused.
The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b
The incident comes amid a broader rise in wallet-related exploits across the crypto industry.
According to Chainalysis, more than $3.4 billion was stolen from January through early December 2025, with a single February compromise at Bybit accounting for nearly half of that total.
Personal wallet compromises have grown steadily over recent years, rising from just over 7% of stolen value in 2022 to more than a third in 2025, excluding the Bybit attack.
Centralized platforms, while less frequently compromised, have also seen increasingly large losses tied to private key breaches.
