Trust Wallet users lost about $7 million after a compromised Chrome browser extension covertly exfiltrated seed phrases and private keys. The incident affected hundreds of users and targeted BTC, ETH, SOL and EVM‑compatible tokens, producing some individual six‑figure losses.
Security investigators traced the breach to malicious JavaScript embedded in an updated extension package. The payload, identified in a file referenced as 4482.js, posed as analytics code and activated when users imported seed phrases or private keys into the vulnerable extension.
A supply‑chain attack occurs when adversaries insert malicious code into legitimate software updates or distribution pipelines to reach end users.
Hundreds of accounts were reported drained, with some victims losing six‑figure amounts. Mobile users and those on other extension versions were confirmed not to be affected by this specific compromised release.
Response and Trust Wallet recommended remediation
Binance co‑founder Changpeng Zhao confirmed the $7 million loss and said Trust Wallet will reimburse affected users from its Secure Asset Fund for Users (SAFU). He indicated the team is investigating how a compromised extension reached the update pipeline and noted the possibility of insider involvement.
Trust Wallet issued a security advisory warning that any user who imported a seed phrase into Chrome extension version 2.68 should assume their wallet may be compromised. According to the company’s guidance, users are urged to immediately disable version 2.68 and update only to the patched version 2.69 through official Trust Wallet channels, avoiding any reinstallations until the fixed release is fully verified.
For those who entered a seed phrase or private key, Trust Wallet recommends treating the wallet as exposed: create a new wallet with a fresh seed phrase and transfer any remaining funds without delay. In addition, users should revoke token approvals and smart-contract permissions linked to the affected addresses and never reuse an exposed seed phrase. If funds are still at risk, the company advises disconnecting the device from the internet and following official Trust Wallet support channels for guidance on reimbursement and next steps.
The guidance emphasizes verifying software through official distribution channels and minimizing unnecessary browser extensions to reduce exposure.
The incident underscores supply‑chain risk in browser‑based custody and the operational exposure of extension update processes.
This compromise highlights how supply‑chain tampering can directly impact user funds and reinforces the need for rigorous update integrity and cautious extension use. Users should follow official remediation steps and monitor the investigation and SAFU reimbursements as the situation progresses.
