
Hidden script caught harvesting private keys as Trust Wallet issues emergency warning for Chrome users

Trust Wallet advised users to disable its Chrome browser extension version 2.68 after the company acknowledged a security incident and pushed version 2.69 on Dec. 25, following reports of wallet drains tied to the Dec. 24 update.

According to BleepingComputer, victims and researchers began flagging thefts shortly after 2.68 rolled out. Early public tallies placed losses in a $6 million to $7 million-plus range across multiple chains.

The Chrome Web Store listing shows Trust Wallet extension version 2.69 as “Updated: December 25, 2025,” anchoring the vendor’s patch timing to the day the incident entered wider circulation.

The same listing shows about 1,000,000 users. That frames a worst-case ceiling for reach.

Practical exposure hinges on how many people installed 2.68 and entered sensitive data while it was active.

Trust Wallet’s guidance focused on the browser extension release. The outlet said mobile users and other versions of the extension were unaffected.

Reporting so far has concentrated on a specific user action during the 2.68 window.

Researchers flag elevated risks tied to Trust Wallet browser extension update

BleepingComputer said researchers and incident trackers tied the highest risk to users who imported or entered a seed phrase after installing the affected version. A seed phrase can unlock current and future addresses derived from it.

The outlet also reported that researchers reviewing the 2.68 bundle flagged suspicious logic in a JavaScript file, including references to a file labeled “4482.js.”

They said the logic could transmit wallet secrets to an external host. Researchers also cautioned that technical indicators were still being assembled as investigators published their findings.

The same coverage warned of secondary scams, including copycat “fix” domains. Those lures attempt to trick users into handing over recovery phrases under the guise of remediation.

For users, the difference between upgrading and remediating matters.

Updating to 2.69 can remove suspected malicious or unsafe behavior from the extension going forward. It does not automatically protect assets if a seed phrase or private key was already exposed.

In that case, standard incident response steps include moving funds to new addresses created from a new seed phrase. Users should also check for and revoke token approvals where possible.

Users should treat any system that handled the phrase as suspect until it is rebuilt or verified clean.

Those actions can be operationally costly for retail users. They require re-establishing positions across chains and applications.

In some cases, they also force a choice between speed and precision when gas costs and bridging risks are part of the recovery path.

The episode also puts focus on the browser extension trust model.

Extensions sit at a sensitive seam between web apps and signing flows

Any compromise can target the same inputs users rely on to verify a transaction.

Academic research on Chrome Web Store extension detection has described how malicious or compromised extensions can evade automated review. It has also described how detection can degrade as attacker tactics change over time.

According to an arXiv paper on supervised machine-learning detection of malicious extensions, “concept drift” and evolving behaviors can erode the effectiveness of static approaches. That point becomes more concrete when a wallet extension update is suspected of harvesting secrets through obfuscated client-side logic.

Trust Wallet’s subsequent disclosures will set the boundaries for how the story settles.

A vendor post-mortem that documents root cause, publishes verified indicators (domains, hashes, package identifiers), and clarifies scope would help wallet providers, exchanges, and security teams develop targeted checks and user instructions.

Absent that, incident totals tend to remain unstable. Victim reports can arrive late, on-chain clustering can be refined, and investigators can still be resolving whether separate drainers share infrastructure or are opportunistic copycats.

Token markets reflected the news with movement but not a single-direction repricing.

The latest quoted figures provided for Trust Wallet Token (TWT) showed a last price of $0.83487, up $0.01 (0.02%) from the prior close. The figures showed an intraday high of $0.8483 and an intraday low of $0.767355.

Trust Wallet Token Price

| TWT metric | Value (USD) |
| --- | --- |
| Last price | $0.83487 |
| Change vs. prior close | +$0.01 (+0.02%) |
| Intraday high | $0.8483 |
| Intraday low | $0.767355 |

Loss accounting remains in flux. The current best public anchor is the $6 million to $7 million-plus range reported in the first 48 to 72 hours after 2.68 circulated.

That range can still shift for routine reasons in theft investigations

Those include delayed victim reporting, address reclassification, and improved visibility into cross-chain swaps and cash-out routes.

A sensible forward range over the next two to eight weeks can be framed as scenarios tied to measurable swing variables. Those include whether the compromise path was confined to seed entry on 2.68, whether additional capture paths are confirmed, and how quickly copycat “fix” lures are removed.

Forward-looking projections

| Scenario (next 2–8 weeks) | Working loss range | Share |
| --- | --- | --- |
| Contained | $6M–$12M | 40% |
| Moderate growth | $15M–$25M | 35% |
| Severe revision | > $25M | 25% |

The incident lands amid broader scrutiny of how retail-facing crypto software handles secrets on general-purpose devices.

2025 theft reporting has been large enough to draw policy and platform attention.

Incidents tied to software distribution also reinforce calls for build integrity controls, including reproducible builds, split-key signing, and clearer rollback options when a hotfix is required.

For wallet extensions, the near-term practical outcome is simpler. Users must decide whether they ever entered a seed phrase while 2.68 was installed, because that single action determines whether upgrading is enough or whether they need to rotate secrets and move funds.

Trust Wallet’s guidance remains to disable the 2.68 extension and upgrade to 2.69 from the Chrome Web Store.

Users who imported or entered a seed phrase while running 2.68 should treat that seed as compromised and migrate assets to a new wallet.
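One way to check a machine for the affected release, as an added example that is not from Trust Wallet, BleepingComputer or the original article: it reads the version from each unpacked copy of an extension in a Chrome profile and lists any file named “4482.js,” the name the article says researchers flagged. The extension ID and the profile's Extensions directory are supplied by the reader (the ID below is a placeholder), and the demo tree, including the `js/` subfolder, is constructed.

```python
import json
import tempfile
from pathlib import Path

AFFECTED_VERSION = "2.68"   # version the article says to disable
FLAGGED_FILE = "4482.js"    # file name the article says researchers flagged

def audit_extension(extensions_dir, extension_id):
    """Report every on-disk version directory of one Chrome extension.

    Chrome unpacks extensions as <Extensions>/<id>/<version>_<n>/manifest.json.
    """
    findings = []
    ext_root = Path(extensions_dir) / extension_id
    if not ext_root.is_dir():
        return findings  # extension not installed in this profile
    for version_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        try:
            text = (version_dir / "manifest.json").read_text(encoding="utf-8-sig")
            version = str(json.loads(text).get("version", ""))
        except (OSError, ValueError, AttributeError):
            version = ""
        if not version:  # unreadable manifest: fall back to the directory name
            version = version_dir.name.split("_")[0]
        affected = version == AFFECTED_VERSION or version.startswith(AFFECTED_VERSION + ".")
        flagged = sorted(p.relative_to(version_dir).as_posix()
                         for p in version_dir.rglob(FLAGGED_FILE))
        findings.append({"version": version, "affected": affected,
                         "flagged_files": flagged})
    return findings

def demo():
    """Run the audit over a constructed directory tree (not real extension data)."""
    ext_id = "a" * 32  # placeholder ID; read the real one from chrome://extensions
    with tempfile.TemporaryDirectory() as tmp:
        for version, extra in (("2.68", "js/4482.js"), ("2.69", None)):
            vdir = Path(tmp) / ext_id / f"{version}_0"
            (vdir / "js").mkdir(parents=True)
            (vdir / "manifest.json").write_text(json.dumps({"version": version}))
            if extra:
                (vdir / extra).write_text("// constructed placeholder")
        return audit_extension(tmp, ext_id)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A clean result after updating says nothing about whether 2.68 was installed earlier or whether a seed phrase was entered while it was, so it does not replace the seed rotation described above.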

Trust Wallet has now confirmed that roughly $7 million was impacted in the v2.68 Chrome extension incident and that it will refund all affected users.

In a statement posted on X, the company said it is finalizing the refund process and will share instructions on next steps “quickly.” Trust Wallet also urged users not to interact with messages that do not come from its official channels, warning that scammers may attempt to impersonate the team during the remediation effort.

The post Hidden script caught harvesting private keys as Trust Wallet issues emergency warning for Chrome users appeared first on CryptoSlate.
