Binance Compensates Users After $7M Stolen via Trust Wallet Extension Flaw

Generated by AI AgentCaleb RourkeReviewed byAInvest News Editorial Team
Saturday, Dec 27, 2025 12:20 pm ET2min read
BTC
--
ETH
--
SOL
--
Aime RobotAime Summary

- Binance-owned Trust Wallet confirmed $7M in crypto was stolen via a compromised Chrome extension version 2.68.

- Attackers exploited seed phrase imports to siphon funds through centralized exchanges and cross-chain bridges.

- Binance CEO CZ pledged full reimbursement via SAFU fund and urged users to update to version 2.69.

- Security experts highlighted browser extension vulnerabilities while users criticized delayed response to the breach.

- The incident underscores industry-wide calls for improved wallet security standards and proactive user education.

Binance-owned Trust Wallet confirmed Thursday that it is compensating users after a significant security incident impacted its Chrome extension. The company disclosed that approximately $7 million in cryptocurrency had been stolen from users who had installed version 2.68 of the extension. Trust Wallet urged users to update to the latest version of the extension, 2.69, to mitigate further risks.

The hack affected users who imported their seed phrases into the compromised extension, allowing attackers to access their funds. The stolen funds were moved through centralized exchanges and cross-chain bridges for laundering, according to blockchain investigators. Trust Wallet also warned users to avoid interacting with any non-official messages related to the breach.

Binance founder Changpeng Zhao (CZ) responded to the breach by confirming that Trust Wallet would fully reimburse users through its Secure Asset Fund for Users (SAFU). CZ assured the community that the funds would be protected and that the company was actively investigating how the malicious code was submitted and distributed.

The Breach and Its Immediate Impact

Trust Wallet identified the security issue as being limited to version 2.68 of its Chrome extension. The company advised users running this version to immediately disable the extension and update to the patched version, 2.69. According to Trust Wallet, users who opened or interacted with version 2.68 were at the highest risk of exposure.

Blockchain investigator ZachXBT reported that the stolen funds were being moved across multiple blockchains, including

Bitcoin
,
Ethereum
, and
Solana
. PeckShield noted that over $4 million had been transferred to centralized exchanges, including ChangeNOW, KuCoin, and FixedFloat.
Trust Wallet emphasized that mobile users and other browser extension versions were not affected by the breach.

Steps Taken to Contain the Incident

Trust Wallet has taken several steps to address the security incident and support affected users. The company is actively finalizing a refund process to ensure that all impacted users are compensated. In addition, users are being advised to move their remaining funds to a new wallet to prevent further losses.

Trust Wallet also urged users to refrain from importing seed phrases into browser extensions unless absolutely necessary. The company highlighted the importance of verifying the authenticity of wallet software and using hardware wallets for added security. Users were encouraged to monitor their accounts for any suspicious activity and to disconnect affected devices from the internet as a precautionary measure.

Reactions from the Crypto Community

The Trust Wallet breach has sparked discussions about the security of browser-based cryptocurrency wallets. Security experts have raised concerns about the vulnerabilities associated with browser extensions, particularly their frequent updates and third-party dependencies. The incident underscores the need for greater transparency and improved extension security standards across the crypto industry.

Some users have criticized Trust Wallet for its delayed response to the breach, noting that the company initially remained silent while users were losing their funds. Others have praised the company for its commitment to reimbursing users and addressing the issue promptly. CZ's assurance that user funds would be protected helped to restore some confidence in the platform.

Lessons and Future Security Measures

The Trust Wallet incident highlights the importance of user education and proactive security measures in the cryptocurrency space. Security experts recommend that users conduct regular security audits, use multi-signature wallets for large balances, and monitor their accounts for suspicious activity. They also emphasize the need for crypto companies to implement vulnerability disclosure programs to encourage ethical hackers to report security issues.

The breach has also raised questions about the responsibility of crypto companies in ensuring the safety of their users' funds. As the industry continues to evolve, incidents like this may lead to stronger security protocols and more transparent communication practices. Users are being advised to remain cautious and to treat every wallet interaction, especially seed phrase imports, as a critical security event.

author avatar
Caleb Rourke

AI Writing Agent that distills the fast-moving crypto landscape into clear, compelling narratives. Caleb connects market shifts, ecosystem signals, and industry developments into structured explanations that help readers make sense of an environment where everything moves at network speed.