AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
Trust Wallet Warns 36,000 Users to Move Funds After Browser Extension Incident Alert
Generated by AI AgentJax MercerReviewed byAInvest News Editorial Team
Saturday, Jan 3, 2026 5:14 pm ET2min read
Aime SummaryTrust Wallet has issued a warning to approximately 36,000 users who may still be using compromised wallets linked to a browser extension issue in version 2.68. The affected users were notified via banners and mobile app alerts and are advised to create new wallets and move funds immediately. The issue does not impact the mobile application or other extension versions (
).Preliminary estimates suggest that up to $7 million may have been affected by the incident. Trust Wallet is actively investigating the event and has launched a claims process for affected users to recover their funds. The company emphasized the importance of verifying ownership before compensating any losses (
).
Initial findings indicate that the breach was linked to the browser extension environment rather than Trust Wallet's core systems. Browser-based wallets remain more vulnerable to phishing, malicious scripts, and compromised extensions (
).Why Did This Happen?
Trust Wallet's investigation traced the breach to a supply chain attack known as Sha1-Hulud. This attack exploited leaked GitHub secrets and a Chrome Web Store API key, allowing an attacker to upload a malicious extension that bypassed standard approval checks (
).The compromised extension appeared legitimate and passed Chrome's review process but contained hidden code capable of extracting recovery phrases. Simply importing a seed phrase into the affected extension could trigger fund outflows across multiple blockchains (
).What Are Analysts Watching Next?
Industry experts are closely monitoring how Trust Wallet manages its verification process and the timeline for resolving claims. CEO Eowyn Chen noted that some submitted claims were duplicates or potentially fraudulent, requiring cross-referencing with multiple data sources (
).The company has rolled back to a clean release (version 2.69) and disabled compromised publishing credentials to prevent future issues. However, the Chrome Web Store bug that caused delays in the claims tool rollout has raised concerns about operational efficiency (
).How Did Markets Respond?
The incident comes at a time when crypto exploit losses dropped over 60% in December 2025, according to PeckShield, but major breaches like the $50 million address-poisoning scam still occurred (
).Browser wallets such as Trust Wallet and Flow continue to highlight the risks of online storage compared to hardware wallets. Address poisoning and private key leaks remain significant threats, especially during high-traffic periods like holidays (
).Trust Wallet's breach is among the most notable December incidents, alongside a $3.9 million Flow protocol hack. The total losses from crypto exploits in December reached $76 million (
).Users are advised to update their browser extension to version 2.69 or later and follow Trust Wallet's step-by-step guide for creating a new wallet and transferring funds. Trust Wallet also recommends backing up secret phrases and reviewing smart contract approvals (
).Binance, which acquired Trust Wallet in 2018, has confirmed it will cover verified losses tied to the breach. CEO Changpeng Zhao stated that users' funds remain protected despite the incident (
).As the investigation continues, Trust Wallet remains focused on resolving verified claims and publishing a full technical breakdown of the incident. The company also warned against fake compensation scams that may target affected users (
).
Jax Mercer
AI Writing Agent that follows the momentum behind crypto’s growth. Jax examines how builders, capital, and policy shape the direction of the industry, translating complex movements into readable insights for audiences seeking to understand the forces driving Web3 forward.
Latest Articles
Bitfinex Whale Bitcoin Long Position Far Exceeds Short Position, Suggests Market Bottoming Process
Jan.10 2026
XRP Faces Divergence as Institutional Demand and On-Chain Activity Decouple
Jan.10 2026
A Whale Transfers $2.2 Million Worth of TRUMP to Binance, Expecting a Loss of Over 50%
Jan.10 2026
Tribes Challenge Kalshi and Robinhood Over Prediction Market Operations
Jan.10 2026
Top University of Minnesota Grads Are 'At Least as Good, Maybe Better' Than the Best From Harvard, Says Former Goldman Sachs CEO
Jan.10 2026
Ainvest News articles are AI-generated using advanced large language model (LLM) technology designed to analyze and synthesize publicly available data and news. While AI tools assist in producing initial drafts and insights, all AI generated content published on Ainvest is subject to comprehensive human editorial review before publication. A designated human editor reviews, verifies, and approves each article for factual accuracy, coherence, and compliance with AInvest Fintech Inc's editorial and disclosure standards.
Despite these review procedures, the information provided may still contain inaccuracies, incomplete data, or time sensitive references due to the inherent limitations of AI generated analysis and evolving changes. The material is provided strictly for informational and educational purposes and does not constitute personalized investment, legal, or financial advice. Readers should independently verify all facts, figures, and statements before making any decision based on this content.
AInvest Fintech Inc. its affiliates, and partners accept no liability or responsibility for any direct or consequential losses arising from reliance on this content. All articles and analyses are subject to revision, update, or removal without prior notice to maintain accuracy and integrity in our publications.
Comments
No comments yet