Monday, January 12, 2026

Trust Wallet Christmas Day hack: CZ pledges to cover $7M losses


Trust Wallet confirmed that its desktop browser extension suffered a security breach on Christmas Day, specifically impacting version 2.68. Around $7 million worth of assets were drained in the attack, which investigators now believe was planned weeks earlier, likely starting in early December. Binance co-founder Changpeng Zhao has stated that affected users will be reimbursed, helping to limit the financial damage and restore confidence after the incident.

The report outlines how the exploit occurred, the scale of the user impact, and the indicators that suggest the breach was premeditated. It also details the immediate steps users should take, including updating to the latest secure version, moving funds to uncompromised wallets, and monitoring accounts for suspicious activity. The goal is to help users understand the event and protect themselves moving forward.

What we know about the Trust Wallet Christmas Day hack

Trust Wallet said its browser extension version 2.68 was compromised, impacting desktop users. The project urged users to upgrade to the latest secure build and avoid interacting with the affected version. CZ posted that approximately $7 million was affected and that Trust Wallet would cover the losses, adding the team is probing how a malicious version was submitted. Independent researchers including ZachXBT reported “hundreds” of impacted users.

Timeline and preparation tied to the Trust Wallet Christmas Day hack

SlowMist co-founder Yu Xian said attackers prepared the operation by at least Dec. 8, inserted a backdoor on Dec. 22, and began draining funds on Dec. 25. SlowMist added the backdoor captured users’ personal information and sent it to an attacker-controlled server, an indicator consistent with insider access or deep familiarity with the codebase.

Scale and context

While significant for victims, the $7M incident is smaller than some recent crypto thefts. In February 2024, Axie Infinity co-founder Jeff Zirlin reportedly lost ~$9.7M in ETH in a suspected wallet compromise. And in 2025, the largest single heist was the Bybit breach, which authorities tied to DPRK-linked actors. Chainalysis estimates total 2025 thefts at roughly $3.4B, with personal wallet compromises representing a rising share of incidents.

[Image: Trust Wallet extension showing updated secure version in Chrome]

User impact and liability

Trust Wallet has said only the desktop extension 2.68 was affected (mobile apps and other versions were not), and CZ said affected users’ funds will be reimbursed. Users who imported seed phrases into 2.68 were at elevated risk, according to multiple investigators tracking the drains.
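One way to check a desktop for the affected build, as an added example (not code from Trust Wallet or from this article): it walks a Chrome-style user data directory and reports every on-disk copy of one extension, flagging version 2.68. The extension ID here is a constructed placeholder (use the ID shown for the installed extension at chrome://extensions), the directory layout is the one Chrome uses for installed extensions, and every version number other than 2.68 is constructed sample data.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = "2.68"  # affected desktop extension version named in the article
PLACEHOLDER_ID = "a" * 32  # constructed placeholder, NOT the real extension ID

def normalize(version):
    """'2.68.0' -> (2, 68); None when the string is not dotted integers."""
    try:
        parts = [int(p) for p in version.strip().split(".")]
    except ValueError:
        return None
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # treat 2.68 and 2.68.0 as the same release
    return tuple(parts)

def scan(user_data_dir, extension_id, affected=AFFECTED):
    """Return sorted (profile, version, status) for each on-disk copy."""
    findings = []
    # Layout: <user data>/<profile>/Extensions/<id>/<version>_<n>/manifest.json
    for vdir in Path(user_data_dir).glob(f"*/Extensions/{extension_id}/*"):
        if not vdir.is_dir():
            continue
        version = vdir.name.split("_")[0]  # fallback: directory name
        try:
            manifest = json.loads((vdir / "manifest.json").read_text(encoding="utf-8"))
            version = str(manifest.get("version", version))
        except (OSError, ValueError, AttributeError):
            pass  # missing or corrupt manifest: keep the directory-name version
        parsed = normalize(version)
        status = "unknown" if parsed is None else "other"
        if parsed is not None and parsed == normalize(affected):
            status = "AFFECTED"
        findings.append((vdir.parents[2].name, version, status))
    return sorted(findings)

def demo():
    """Build a constructed profile tree (sample data) and scan it."""
    layout = [("Default", "2.68"), ("Default", "2.69"), ("Profile 1", "2.67")]
    with tempfile.TemporaryDirectory() as tmp:
        for profile, version in layout:
            vdir = Path(tmp) / profile / "Extensions" / PLACEHOLDER_ID / f"{version}_0"
            vdir.mkdir(parents=True)
            (vdir / "manifest.json").write_text(json.dumps({"version": version}))
        return scan(tmp, PLACEHOLDER_ID)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A profile can hold more than one version directory for the same extension, so a 2.68 entry next to a newer one still means the affected build was present in that profile.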

Industry response and insider-risk concerns

On-chain investigators and industry advisers suggested the compromise likely involved insider access or a hijacked release pipeline, given that a new malicious extension build appears to have been submitted. SlowMist also said the attacker was “very familiar” with the extension source code, enabling data exfiltration. Trust Wallet and partner exchanges are monitoring flows and coordinating on user remediation.

Broader trend: wallet compromises in 2025

Chainalysis reports that personal wallet compromises (phishing, malware, supply-chain tampering) represent a growing share of stolen value in 2025, even as some DeFi protocol hacks decline. The Bybit mega-hack and other large incidents skew annual totals, but the steady drumbeat of individual wallet drains keeps risk elevated for retail users.

Step-by-step seed rotation and hardware wallet setup

Conclusion

The Trust Wallet extension incident highlights how supply-chain and distribution-channel compromises can slip past even careful users. With reimbursement promised, the most important steps now are updating to the latest secure version, migrating funds to wallets with newly generated seed phrases, and activating hardware-based security measures to reduce future risk.

Investigators’ findings, especially the possibility of insider-related vectors, may guide the wider industry toward strengthening release pipelines and improving code-signing controls. These insights could help developers tighten verification processes, reinforce distribution security, and build more resilient safeguards across wallet platforms.

FAQs

Q: What happened in the Trust Wallet Christmas Day hack?

A: A malicious desktop extension build (v2.68) allowed attackers to drain user funds on December 25.

Q: Will victims be reimbursed?

A: Yes, CZ said about $7M was affected and Trust Wallet will reimburse losses.

Q: Which users were affected?

A: Only desktop extension users who installed v2.68; mobile-only users were not impacted, according to Trust Wallet.

Q: Was this an insider attack?

A: SlowMist and other analysts say indicators suggest insider access or deep code familiarity; the investigation continues.

Q: How do I secure my funds now?

A: Remove v2.68, install the latest version, create a new wallet/seed on a trusted device, transfer funds, and consider using a hardware wallet.

Q: How big is this compared with other crypto hacks?

A: It’s smaller than major 2025 incidents like the Bybit hack but aligns with increasing wallet-level attacks.

Q: Does the exact phrase “Trust Wallet Christmas Day hack” refer to the extension issue?

A: Yes, it refers specifically to the December 25 exploit targeting Trust Wallet’s desktop browser extension (v2.68).

Facts

  • Event
    Trust Wallet desktop browser extension breach

  • Date/Time
    2025-12-25T00:00:00+05:00 (exploit observed); 2025-12-26T00:00:00+05:00 (public alerts/posts)

  • Entities
    Trust Wallet (Binance affiliate); Changpeng Zhao (CZ); SlowMist; ZachXBT; Chainalysis

  • Figures
    ~$7,000,000 affected; hundreds of users reported; 2025 thefts ≈ $3.4B (industry).

  • Quotes
    “So far, $7m affected by this hack. Trust Wallet will cover.” CZ, on X.

  • Sources
    Trust Wallet X post (security alert) + URL; The Block report + URL; Chainalysis blog + URL; The Guardian (Bybit context) + URL.
