Trust Wallet confirmed a $7 million exploit targeting its browser extension on Christmas Day, marking one of the largest single wallet breaches of the year.
The attack exposed vulnerabilities in a recent update that allowed malicious actors to compromise private key handling and drain user funds across multiple networks.
Trust Wallet Experiences Coordinated Attack During Holidays
The incident began early on December 25, when users started reporting unauthorized withdrawals from Ethereum, BNB Chain, and Polygon wallets connected to the extension. Soon after, blockchain security companies noticed an unusual increase in identical outgoing transactions from addresses linked to the most recent version of Trust Wallet’s browser extension.
Investigators linked the attack to a flaw in an upgrade that altered the extension’s handling of transaction signing requests. Attackers appear to have hijacked this flow by rerouting signature approvals to addresses under their control. Within hours, on-chain data revealed a well-planned theft involving over $7 million in tokens and stablecoins, some of which had already been routed through mixers to hide their final destination.
The attack targeted Trust Wallet’s browser extension, an increasingly popular tool for customers who want fast access to decentralized services; it had no effect on the company’s standalone app or core mobile infrastructure. The event reinforces concerns that convenience features, particularly those shipped before thorough security checks, may create blind spots.
Company Response
By midday Christmas, the development team disabled the affected update and advised extension users to disconnect wallets, generate new key pairs, and transfer any remaining assets to secure addresses. Trust Wallet also launched a forensic review alongside independent blockchain analysts to identify the full scope of the breach and determine whether any supply-chain compromise contributed to the vulnerability.
Security researchers believe the attackers exploited a flaw in the wallet’s signing mechanism that allowed invisible approvals on certain web interfaces. Some experts suspect an injection attack through compromised dependencies or a malicious code library delivered during the pre-release cycle.