Trust Wallet Will Cover $7m Lost In Christmas Day Hack, Cz Says

The malicious Trust Wallet extension has also been exporting users’ personal information, pointing to potential insider activity, according to cybersecurity company SlowMist.

Trust Wallet users lost about $7 million in a Christmas Day exploit that had been planned since early December.

Trust Wallet’s browser extension version 2.68 was compromised by a security incident impacting desktop users, Trust Wallet said in a Thursday X post; it advised users to upgrade to version 2.89.

Changpeng Zhao, co-founder of Binance, which owns the cryptocurrency wallet that claims to serve 220 million users, said in a Friday X post that the lost funds will be covered.

Cryptocurrency wallet exploits have been an increasing threat to digital asset investors.  Personal wallet compromises accounted for 37% of the value stolen in 2025, if the $1.4 billion Bybit hack in February is excluded, according to Chainalysis.

Still, the $7 million Trust Wallet exploit pales in comparison to some of the biggest wallet hacks. In February 2024, the co-founder of play-to-earn game Axie Infinity, Jeff Zirlin, lost $9.7 million worth of Ether (ETH) to a suspected wallet exploit.

Related: Crypto hack counts fall but supply chain attacks reshape threat landscape

The orchestrators of the attack on Trust Wallet had been preparing the exploit as early as Dec. 8, wrote Yu Xian, co-founder of blockchain security firm SlowMist, in a Friday X post. A machine translation of his post read:

The backdoor code was also collecting users’ personal information, which was sent to the attacker’s server.

According to onchain detective ZachXBT, “hundreds” of Trust Wallet users were affected.

Source: CoinTelegraph