Trust Wallet identified a security breach in its browser extension version 2.68 between December 24 and 26, 2025, caused by the leakage of an API key that allowed malicious code to be uploaded. Approximately 2,520 wallet addresses were affected, resulting in the theft of assets worth around $8.5 million. Investigations revealed that this attack was linked to the November Sha1-Hulud supply chain attack, where attackers gained access to the Chrome Web Store API using leaked GitHub credentials. Trust Wallet has decided to compensate affected users and is currently completing the verification and compensation process. The company has reached out to users who formally reported complaints and advised all affected individuals to transfer their funds to new wallets immediately and submit claims through an official form. Over 5,000 claims have been received so far, each being reviewed individually. Additionally, Trust Wallet released version 2.69, which addresses the security vulnerabilities and has revoked related publication permissions and credentials. As a popular digital wallet for storing various cryptocurrencies securely and conveniently, this breach poses a challenge to user trust; however, the company’s swift response and compensation offer aim to manage the situation. Users are urged to safeguard their wallet information and act promptly if they notice any suspicious activity.
Source: binance
