$7 million stolen on Christmas Eve: Chrome extension Trust Wallet compromised by hackers

Right on Christmas Eve, hackers managed to slip a tampered version of the Trust Wallet browser extension into the Google Chrome Web Store. This software is used to store and manage crypto wallets and supports over 100 different cryptocurrencies, including Bitcoin, Litecoin, Dogecoin and Tron.

People such as ZachXBT first reported the hack on December 25, and Trust Wallet responded almost immediately. Even so, the malicious update was able to cause damage for nearly 24 hours. Anyone who actively used the browser extension with version number 2.68 should move all coins stored in the app and browser extension to new wallets.

The malicious code was injected directly into the authentication paths for passwords and biometrics. As soon as users unlocked a wallet, regardless of the method, the theft was triggered. The code then looked through all wallets associated with the account, not just the one that was active at the time. It then forwarded seed phrases to the cybercriminals, who apparently meticulously prepared this hack. 

The infrastructure for the data theft was set up as early as December 8, 2025, more than two weeks before the actual attack happened on Christmas Eve. Among other things, a Synology NAS system hosted in Ukraine was used as a server, the provider was connected to cybercrimes in the past. Binance founder Changpeng Zhao quickly announced that affected users would be compensated. Trust Wallet also provided more details via X.

The timing of the attack was probably no coincidence. Christmas Eve offers ideal conditions for "digital break-ins", as the holidays often limit the responsiveness of security teams. In many companies, offices remain empty and support teams are often understaffed. For customers without deep technical knowledge, it becomes difficult to find any help or assistance, while attackers exploit these increased response times.