Trust Wallet launches $7 million hacker attack victim compensation, industry security alarm rings again

2025-12-29 09:14:10

December 29, 2025, Gate market data shows that Bitcoin price has been fluctuating around $89,000 after consecutive volatility. Ethereum is approximately $3,000. Meanwhile, the cryptocurrency industry is focusing on a sudden security incident and the subsequent trust crisis.

The well-known crypto wallet Trust Wallet has officially launched a compensation process for victims affected by the hacker attack on its browser extension. The incident caused losses of approximately $7 million, impacting thousands of users.

01 Incident Recap

On December 25, 2025, on-chain detective ZachXBT was the first to issue an alert, reporting that multiple Trust Wallet users had experienced abnormal withdrawals from their wallets over the past few hours. The timing of the incident was suspiciously coincidental—shortly after the Trust Wallet Chrome extension was updated.

According to analysis by SlowMist Security Team, the attacker was clearly very familiar with the extension’s source code, having embedded malicious PostHog JS code to collect users’ wallet sensitive information.

Even more concerning, even after Trust Wallet released a patched version, the malicious code was not fully removed, leaving the risk ongoing.

The wallet team quickly confirmed the security incident and explicitly stated that the issue only affected Trust Wallet browser extension version 2.68. They urgently advised all users using this version to disable and upgrade immediately to version 2.69, emphasizing that users on mobile and all other browser extension versions were unaffected.

02 Attack Path and Loss Scale

The sophistication of this attack has attracted high attention from security experts. The attacker did not simply exploit external vulnerabilities of the wallet but directly targeted Trust Wallet’s update mechanism.

According to monitoring data from PeckShieldAlert, the attacker has transferred about $4 million worth of assets to major centralized exchanges. Among these, approximately $3.3 million was sent to ChangeNOW, about $340,000 to FixedFloat, and around $447,000 to KuCoin.

On-chain analyst Specter further revealed that the total stolen amount from users was about $6.7 million. Notably, this vulnerability was exploited two days before ZachXBT publicly disclosed it. The three wallets with the largest losses lost approximately $3.5 million, $1.4 million, and $747,000 respectively, with the first two wallets having been dormant for over a year and two years before the attack.

According to Eowyn Chen, CEO of Trust Wallet, the attack occurred between December 24 and 26, 2025. This incident has become one of the largest wallet-related security events of the year.

03 Compensation Challenges and Industry Response

After the incident, Binance co-founder Zhao Changpeng explicitly stated: “Trust Wallet will bear the related losses, and user funds are safe.” This promise brought some comfort to victims, but the actual compensation process is far more complex than expected.

Trust Wallet is currently facing about 5,000 compensation claims. A headache is that many of these are duplicate or even clearly fraudulent claims, posing significant challenges for verification.

To address this, Trust Wallet is implementing multiple verification measures, cross-checking various data points to confirm wallet ownership and identify genuine victims.

Meanwhile, SlowMist’s Chief Information Security Officer 23pds provided urgent advice to users: “Since users are still being robbed, anyone affected by the compromised version of Trust Wallet must disconnect from the internet first, then export their seed phrase and transfer assets; otherwise, opening the wallet online could lead to theft.”

04 Security Lessons and Industry Impact

The Trust Wallet incident occurs at a critical period when the crypto industry is seeking “mainstream compliance.” 2025 is seen by many analysts as a “watershed year” for the institutionalization of cryptocurrency operations, with regulatory frameworks like the US GENUIS Act and the EU’s MiCA gradually taking effect.

Against this backdrop, security incidents stand out sharply.

This incident exposed several key vulnerabilities in crypto wallet security: the extension update mechanism could be maliciously exploited, code audits may be insufficient, and security response speed needs improvement. As pointed out by the OneSafe editorial team, this attack “highlights the industry’s need for better security and verification processes.”

It’s noteworthy that, although the number of personal wallets compromised increased from 64,000 last year to 158,000 this year, the stolen amount as a proportion of total assets decreased from 44% to 20%. This indicates that while attacks are increasing in frequency, overall industry protection and response mechanisms are improving.

For ordinary users, this incident offers valuable lessons:

Be cautious with browser extension updates, especially those involving asset management tools
Always keep software up to date, but only through official channels
Consider using hardware wallets for large assets
Regularly check wallet activity and set transaction alerts

05 Current Market Environment and Gate User Recommendations

The Trust Wallet incident occurred during a period of increased market volatility. As of December 29, 2025, Bitcoin price has fallen about 25% from the October high of $126,000. Market data shows that in the past 24 hours, the total liquidation amount across the network reached $127.63 million.

In such a market environment, security incidents tend to amplify negative impacts. For Gate users, this event provides an opportunity to reassess their asset security strategies.

The Gate platform offers users comprehensive market data and risk management tools, including real-time liquidation heatmaps, which help identify market pressure zones and potential reversal points. These tools are especially important during market swings, as large-scale liquidations of leveraged positions can accelerate price fluctuations.

Recent Performance of Major Crypto Assets	Price (USD)	Retracement from All-Time High	Market Status
Bitcoin (BTC)	Approx. 89,600	About 25%	High-level consolidation
Ethereum (ETH)	Approx. 3,000	About 40%	Facing competitive challenges

Note: The prices in the table are approximate based on public data; actual trading data should be checked on the Gate platform.

Market data shows that funds flowing into Bitcoin and Ethereum spot ETFs continue to be net inflows, serving as the “stabilizers” throughout the year. Meanwhile, the total market cap of stablecoins has historically surpassed $310 billion, with daily settlement volumes beginning to rival traditional payment giants like Visa and PayPal. These developments indicate that, despite short-term volatility and security challenges, the long-term foundation of the crypto industry remains strengthening.

Future Outlook

Faced with the compensation claims from Trust Wallet, a practical challenge has emerged: how to identify the genuine victims among approximately 5,000 applications? Trust Wallet is addressing this by verifying wallet ownership through multiple data points.

The security defenses of the crypto industry have expanded from protecting the “treasury” itself to safeguarding “every path” leading to it. Extension updates, API keys, signing processes, and even seemingly harmless third-party analytics code can all become attack vectors.

On trading platforms like Gate, asset custody is managed by professional teams with multiple security layers. For users who choose self-custody, every click on “update” requires heightened vigilance.

BTC-0.44%

ETH-0.74%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.