Trust Wallet, a cryptocurrency wallet owned by Binance founder Changpeng "CZ" Zhao, said on Thursday it had identified a security breach affecting a specific version of its browser extension, with Zhao confirming that at least $7 million was stolen and that the company will reimburse all affected users.
Trust Wallet Urges Upgrade After Breach
Blockchain investigators first flagged unusual activity on the Trust Wallet browser extension over the Christmas period, with on-chain sleuths reporting hundreds of user accounts drained of funds after installing version 2.68 of the extension.
In a post on X, Trust Wallet advised users with the compromised extension to immediately disable it and upgrade to the latest version, 2.69, while emphasizing that mobile users and other extension releases were not affected.
CZ reiterated that user assets are “SAFU,” crypto industry jargon for secure, and the platform will cover the losses. The team is still investigating how the malicious version was able to be submitted to the browser store, he added.
Trust Wallet has over 220 million accounts. Zhao acquired the wallet in 2018 through Binance, but did not disclose the purchase price. The platform recently entered the prediction market trend and began offering access to event-based contracts.
Growing Focus On Wallet Security
Security breaches involving wallet extensions have become a growing concern as attackers increasingly target software supply chains to capture private keys or seed phrases.
The incident follows a broader upswing in crypto security incidents this year, highlighting ongoing risks in decentralized finance infrastructure as developers and users contend with sophisticated exploits and social engineering campaigns.
Cryptocurrency theft totaled over $3.41 billion from January through early December this year, up from $3.38 billion last year, according to estimates from blockchain intelligence firm Chainalysis.