Trust Wallet was exploited through a vulnerability around Christmas, resulting in users losing approximately $7 million, suspected to be linked to an insider.
🔷 Version 2.68 of the Trust Wallet browser extension contains a backdoor, primarily affecting desktop users; Trust Wallet recommends updating to v2.89.
🔷 Changpeng Zhao (CZ) – co-founder of Binance (the company that owns Trust Wallet) confirmed that Binance will fully compensate for the damages.
🔷 According to SlowMist, the attacker had been preparing since December 8th, installed the backdoor on December 22nd, and withdrew money on Christmas Day; the malware also collected personal data and sent it to the attacker's server.
🔷 ZachXBT stated that hundreds of users were affected; several experts (including Anndy Lian) and CZ believe it is highly likely to be insider trading, as the attacker may have pushed the infected extension onto the website.
🔷 Chainalysis: Excluding the $1.4 billion Bybit case, personal wallet thefts account for 37% of stolen value in 2025 — indicating a growing risk.
➡️ Recommendation: Trust Wallet users should immediately upgrade to the latest version, check their computer for malware, and monitor compensation notifications from Binance/Trust Wallet.
