Trust Wallet Users Report Unauthorized Drains After Browser Extension Update
On Christmas Day, a wave of reports emerged about unauthorized fund withdrawals from Trust Wallet, a popular cryptocurrency wallet. The issue, first flagged by on-chain investigator ZachXBT, quickly spread through crypto communities on platforms like Telegram and X. Many users said their wallets were drained after importing seed phrases into the Chrome browser extension.
The suspected culprit is the latest update to the Trust Wallet browser extension, which was released on December 24. Security researchers found suspicious code in the updated extension, including a JavaScript file that allegedly sent data to an external domain. The domain, metrics-trustwallet.com, was registered only days before the incident.
Trust Wallet has since acknowledged a security issue affecting only version 2.68 of the browser extension. The company advised users to disable the extension immediately and upgrade to version 2.69 via the official Chrome Web Store. Mobile-only users and other extension versions were not impacted, according to the company's statement.
Independent researchers identified a JavaScript file, 4482.js, within the affected Trust Wallet extension that contained code masquerading as analytics-related functionality. The code was said to activate when a user imported a seed phrase, leading to the transmission of sensitive data to an external domain. The domain, metrics-trustwallet.com, was registered days before the incident and has since gone offline.
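For readers who want to check an installed copy against the indicators reported above, the following Node.js sketch is an added example, not code from Trust Wallet or the researchers. It reads the extension's manifest version, looks for the reported domain in bundled scripts, and lists every hostname found in URL literals for manual review; the function names and the sample folder are assumptions made for the illustration.

```javascript
// Added example: triage an unpacked extension directory against the article's indicators.
const fs = require("fs");
const os = require("os");
const path = require("path");

const AFFECTED_VERSION = "2.68";                 // version named in the article
const IOC_DOMAINS = ["metrics-trustwallet.com"]; // domain named in the article

// Recursively list every .js file under dir.
function listJsFiles(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) return listJsFiles(full);
    return entry.name.endsWith(".js") ? [full] : [];
  });
}

// Return the manifest version, whether it is the affected release, every
// script that mentions an IoC domain, and all hostnames found in URL literals.
function scanExtension(dir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(dir, "manifest.json"), "utf8"));
  const version = String(manifest.version);
  const affected = version === AFFECTED_VERSION || version.startsWith(AFFECTED_VERSION + ".");
  const hits = [];
  const hosts = new Set();
  for (const file of listJsFiles(dir)) {
    const text = fs.readFileSync(file, "utf8").toLowerCase();
    for (const m of text.matchAll(/https?:\/\/([a-z0-9.-]+)/g)) hosts.add(m[1]);
    for (const domain of IOC_DOMAINS) {
      if (text.includes(domain)) hits.push({ file: path.relative(dir, file), domain });
    }
  }
  return { version, affected, hits, hosts: [...hosts].sort() };
}

// Constructed sample: a stand-in extension folder written to a temp directory.
// The script body is invented for the demo and is not the code from the incident.
function buildSample(version, scriptBody) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "ext-sample-"));
  fs.writeFileSync(path.join(dir, "manifest.json"), JSON.stringify({ name: "sample", version }));
  fs.writeFileSync(path.join(dir, "4482.js"), scriptBody);
  return dir;
}

const sampleDir = buildSample("2.68", 'const endpoint = "https://metrics-trustwallet.com/";');
console.log(scanExtension(sampleDir));
```

To check a real installation, call scanExtension with the path of the extension's unpacked folder in the browser profile instead of the sample directory.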

Users reported that their wallets were drained shortly after importing seed phrases. Some victims said they lost hundreds of thousands of dollars within minutes. One user shared a post on X stating they lost $700,000. The pattern of rapid fund movement across multiple blockchains, including EVM-compatible networks, suggested an automated or coordinated attack.
The incident highlights the growing risk of browser-based wallet extensions, which operate with broad permissions and are frequently updated. Analysts have long warned that browser extensions can be exploited if compromised or if malicious code is injected through supply chains. In this case, the update appears to have introduced a vulnerability that allowed attackers to access sensitive user data.
Seed phrase handling remains one of the most critical moments in wallet security. Importing a seed phrase gives a wallet full control over a user's assets, making it a high-risk action if done in an insecure or compromised environment. The Trust Wallet incident serves as a stark reminder that even well-known wallets are not immune to security breaches, especially when update mechanisms or user practices are not carefully managed.
The Trust Wallet incident has renewed scrutiny around browser-based wallets and the broader issue of extension security. Cybersecurity researchers have previously identified fake extensions designed to capture seed phrases, as well as malicious trading "helper" extensions that alter transaction instructions. In some cases, seemingly legitimate extensions were later updated to inject scripts or reroute traffic.
This incident may prompt users to reconsider how they manage their wallets and handle seed phrases. Security experts advise users to move funds to fresh wallets created on secure devices, avoid unnecessary browser extensions, and verify all wallet software through official sources. In addition, users who suspect their devices may be compromised are advised to disconnect from the internet as a precautionary measure.
Trust Wallet has yet to provide a detailed technical explanation of the security incident, leaving many questions unanswered. Analysts are watching closely to determine whether the issue was an internal or external compromise, whether third-party dependencies were involved, and how many users were affected. The lack of a full technical breakdown has led to speculation and misinformation within the community.
As investigations continue, the broader crypto industry may see increased calls for greater transparency during security events and improved security standards for browser extensions. The Trust Wallet incident also underscores the importance of user education around seed phrase handling and the risks associated with importing seed phrases into hot wallets.
While the incident has not yet triggered a broader market selloff, it has caused significant concern among self-custody users. The incident has reinforced the idea that in crypto, control of assets comes with responsibility. Mistakes are often irreversible, and the risks of using hot wallets, especially browser extensions, can be high if users are not cautious.
Trust Wallet's acknowledgment of a limited security issue in one extension version has helped reassure some users, but the company has yet to provide a full post-mortem. Analysts are urging users to treat every wallet interaction, especially seed phrase imports, as a critical security event.