A routine software update to a popular crypto wallet’s browser extension set off a cascade of losses this week, draining millions of dollars from users’ accounts and raising fresh questions about the security risks embedded in everyday digital finance tools. The first signs of trouble surfaced quietly, as individual users of Trust Wallet began reporting that their funds were vanishing without warning. Over a short span of time, wallets were emptied, transactions executed rapidly and without obvious user authorization. The alarm was amplified when ZachXBT, a well-known onchain investigator who tracks crypto-related thefts, issued a public alert on Telegram.
Based on an initial review of compromised addresses, he estimated that more than $6 million had been siphoned off from hundreds of users. The reports, he noted, appeared to cluster around the same moment—shortly after a recent update to Trust Wallet’s Chrome browser extension. By Thursday, Trust Wallet acknowledged that it had identified a security incident affecting a specific version of its browser extension—version 2.68. In a statement posted on X, the company urged users to immediately disable the affected extension and upgrade to version 2.69, which it said addressed the issue.
The company emphasized that the problem was narrowly scoped. Mobile-only users, as well as those running other versions of the browser extension, were not impacted, according to Trust Wallet. Still, the guidance was blunt: users who had not yet upgraded were advised to avoid opening the extension altogether until the update was complete. As investigators pieced together the scope of the breach, estimates of the losses continued to climb.
Leave a Reply