Trust Wallet has confirmed a security incident involving its browser extension, triggering concern across the crypto community.
The disclosure followed reports of unauthorized fund withdrawals affecting numerous users in a short timeframe.
While investigations continue, early findings point to a single extension version as the source of exposure.
The company has since moved to contain the issue and reassure users.
ZachXBT flags losses linked to extension update
The issue surfaced after on-chain investigator ZachXBT issued a community alert on Telegram on Thursday. He reported that several Trust Wallet users experienced sudden wallet drains over a limited period.
ZachXBT said affected users shared similar timelines, which raised immediate red flags among analysts.
According to his assessment, the technical root cause remained unclear at that stage. However, he noted that most reports coincided with a recent update to the Trust Wallet Chrome browser extension.
Using an initial list of theft-linked wallet addresses, ZachXBT estimated losses exceeding $6 million. He added that the attacker targeted hundreds of wallet addresses, indicating a coordinated exploit.
ZachXBT continued tracking on-chain activity and later suggested that total losses could rise further as analysis progressed. His findings prompted calls for an official response from Trust Wallet.
Trust wallet confirms version 2.68 exposure
Later on Thursday, Trust Wallet acknowledged the breach in a post on X. The company confirmed that the incident affected Trust Wallet Browser Extension version 2.68 only. It urged users to immediately disable that version and upgrade to version 2.69.
Trust Wallet advised users who had not updated to avoid opening the extension until the upgrade was complete. The company said this step could help prevent further losses. It also clarified that mobile-only users faced no impact and that all other extension versions remained secure.
The company said its security team continues to investigate the incident and will share updates as available. Trust Wallet described the situation as concerning and stressed active efforts to resolve it quickly.
Changpeng Zhao, Binance founder and Trust Wallet owner, later addressed the breach publicly. He said total losses reached about $7 million.
Zhao stated that Trust Wallet would cover affected losses and emphasized that user funds remain safe, using the term “SAFU.”
The breach adds to a growing list of crypto security incidents. Chainalysis data shows crypto theft exceeded $3.41 billion between January and early December 2025, surpassing last year’s pace.