Trust Wallet Steps Up: Announces Full Compensation for $7M Browser Extension Hack

In a move that cuts through the typical silence following a crypto breach, Trust Wallet is putting its money where its mouth is. The popular self-custody provider just announced it will fully compensate users affected by a multi-million dollar exploit of its browser extension.

The Breach and The Pledge

The incident, which siphoned a significant seven-figure sum, targeted the wallet's browser extension—a tool many use for seamless interaction with decentralized apps. Instead of hiding behind opaque 'investigations' or blaming user error, Trust Wallet is bypassing the usual playbook. The company confirmed it will cover the full losses from its own coffers, a stark contrast to the 'code-is-law' purists who'd call it a costly lesson.

Why This Matters for Self-Custody

This decision isn't just about damage control; it's a strategic bet on trust itself. In the wild west of digital assets, where rug pulls and frozen funds are weekly headlines, taking responsibility is a rare commodity. For a service built on the promise of 'your keys, your crypto,' a hack is an existential threat. Compensating users rebuilds the very foundation the product is named after—though some might cynically note it's a seven-million-dollar marketing expense that traditional finance would simply call a 'reserve for operational risk.'

The security of browser extensions has long been a debated vulnerability, a chink in the armor between the cold storage of a hardware wallet and the convenience of daily trading. This incident puts every provider on notice.

Trust Wallet's compensation pledge sets a new precedent. It signals that in the race to onboard the next million users, protecting the current ones isn't just good ethics—it's good business. The real test won't be cutting the checks, but ensuring the flaw is permanently sealed. After all, in crypto, you only get to buy back trust once.

TLDR

• Trust Wallet confirms $7 million stolen in a hack via its Chrome extension.
• The incident affected users who logged in before Dec. 26, 2025, 11 a.m. UTC.
• A leaked Chrome Web Store API key allowed the malicious extension update.
• Binance guarantees full compensation for the losses caused by the hack.

Trust Wallet has begun offering compensation to users impacted by a security breach in its Chrome extension. The hack, which resulted in the theft of approximately $7 million in digital assets, affected users who had installed version 2.68 of the browser extension. Affected users can now submit claims through an official support FORM to be reimbursed.

The attack exploited a vulnerability in the Chrome extension, which was caused by a leaked Chrome Web Store API key. This allowed the malicious update to bypass Trust Wallet’s internal release procedures. The compromised extension then harvested users’ wallet seed phrases, leading to the theft of assets across several blockchains, including Bitcoin, Ethereum, and Solana. 

Trust Wallet crypto users suffer $7-million hack

Attackers breached a Google Chrome extension, impacting hundreds of users — now the developers urge to disable it

Binance founder Changpeng Zhao, who owns Trust Wallet, vows the losses will be compensated pic.twitter.com/0YuQ3jdzlO

— RT (@RT_com) December 26, 2025

Trust Wallet has confirmed that the hack was only impactful for users who logged into the extension before 11 a.m. UTC on December 26, 2025. Mobile app users and individuals using other versions of the browser extension were not affected.

Trust Wallet responded to the hack by rolling out a fix in version 2.69 of the extension on December 25, 2025. The company swiftly acknowledged the breach and confirmed its intention to compensate all affected users.

Trust Wallet stated that each claim WOULD be carefully reviewed and processed, ensuring accuracy and security during the verification process. The company also cautioned users about potential scams, urging them to only use the official compensation form available on its website.

URGENT: There is an active situation involving @TrustWallet that is currently being investigated.

Do NOT engage with Trust Wallet right now. Do NOT interact with links, updates, or “fix” messages unless they come directly from Trust Wallet’s official channels.

This is being… pic.twitter.com/i8t2h1GsVu

— 𝟸𝟺𝙷𝚁𝚂𝙲𝚁𝚈𝙿𝚃𝙾 (@24hrscrypto1) December 25, 2025

Changpeng Zhao, the founder of Binance, which acquired Trust Wallet in 2018, publicly assured users that the platform would cover the full amount of the losses. He reassured the community by stating, “So far, $7m affected by this hack. Trust Wallet will cover.” Zhao emphasized that user funds were “SAFU” (Secure Asset Fund for Users), reflecting Binance’s commitment to securing users’ assets.

The breach began with a leaked Chrome Web Store API key, which allowed attackers to publish the malicious extension update without going through the standard internal checks. Once released, the malicious code embedded in the extension used a modified open-source analytics library to capture wallet seed phrases when users interacted with the extension. 

This data was then transmitted to the attackers, leading to the theft of funds. Blockchain security firm SlowMist identified the malicious code, confirming its role in the hack.

Blockchain security monitoring by PeckShield later revealed that more than $4 million of the stolen funds had been moved through centralized exchanges, such as ChangeNOW, FixedFloat, and KuCoin. As of December 28, approximately $2.8 million remained in the attackers’ wallets. Trust Wallet has assured its users that it is taking every measure to recover stolen funds and prevent similar incidents in the future.

Trust Wallet has urged users to report any suspicious activities related to the hack and avoid falling victim to phishing scams. The company stated that fake compensation forms and impersonation scams were circulating following the breach. Users are advised to only use the official compensation claim form provided by Trust Wallet on its support portal.

The company continues to investigate the full scope of the incident, working with blockchain security experts to track and recover the stolen assets. Trust Wallet’s commitment to compensating affected users shows its dedication to maintaining trust and security within its platform.