Trust Wallet Hack Claims Portal Launches After $7M Chrome Extension Breach

The Trust wallet hack pushed the platform to launch a compensation process after it detected malicious code in its Chrome browser extension. The company said the breach stayed limited to one release but caused verified losses for a small group of users.

Trust Wallet confirmed the issue originated in version 2.68 of the Chrome extension. The update was published on Dec. 24. Users who installed that release faced unauthorized wallet access shortly afterward.

Trust Wallet Hack Triggers Claims Review

After the Trust wallet hack, Victim users can now submit claims to the official support portal. It also needs a wallet address, attacker receiving address, transaction hash and country. The platform said it requires this information to verify each claim.

The company said it will review claims on a case by case basis. All submissions will be manually screened. Trust Wallet said accuracy and security remain the priority during reimbursement.

Trust Wallet reported the theft of about $7 million in digital assets. The losses affected BTC, ETH, BNB and SOL wallets.  Blockchain security firm PeckShield said over $4 million of the stolen funds had already moved through centralized exchanges. 

The platforms included ChangeNOW, FixedFloat, and KuCoin. Roughly $2.8 million remained in wallets controlled by the attacker at the time of reporting.

Changpeng Zhao, the founder of Binance, confirmed that all verified losses will be covered. Binance acquired Trust Wallet in 2018. Zhao said user funds remain protected despite the breach.

The incident became public after on-chain investigator ZachXBT issued alerts on Christmas Day. Users reported drained balances soon after installing the update. Trust Wallet released version 2.69 on Dec. 25 to remove the malicious code.

Breach Linked to Leaked Chrome API Key

Trust Wallet CEO Eowyn Chen said users who logged in before Dec. 26 at 11 A:M UTC faced the highest exposure in the crypto breach. Later users who accessed the extension were not affected. 

In an X post, Chen said internal findings showed a leaked Chrome Web Store API key was used to publish the compromised extension. This bypassed Trust Wallet’s normal release controls. Security firm SlowMist said the injected code harvested wallet recovery phrases through a modified analytics library.

However, Trust Wallet also got a confirmation from its end that the problem affected only its Chrome extension. Accordinn to company, the issue did not affect the mobile app users. The Trust wallet hack has renewed scrutiny of browser-based wallet security and software distribution practices.