Trust Wallet said it will reimburse users for approximately $7 million lost in a Christmas Day exploit tied to a compromised browser extension. The incident affected desktop users running extension version 2.68, which the company has since urged users to replace with an updated release. Binance co-founder Changpeng Zhao confirmed the losses would be fully covered.
Cybersecurity firm SlowMist said the exploit appeared to have been planned weeks in advance and involved the insertion of backdoor code capable of exporting users’ personal information. Investigators noted that the attacker demonstrated deep familiarity with the extension’s source code, raising concerns about potential insider involvement.
The incident highlights ongoing security challenges for self-custody wallets as adoption grows. Personal wallet compromises accounted for a significant share of crypto losses in 2025, underscoring institutional and regulatory focus on software supply chain risks and internal controls across the digital asset ecosystem.
