Trust Wallet to Refund Users After $7M Christmas Day Hack
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
Trust Wallet, a popular self-custody crypto wallet, announced that it had identified a security incident affecting the Trust Wallet Browser Extension v2.68 on December 25.
The incident, which has since become known as the Christmas Day security breach, caused users to lose over $7 million. In the aftermath of the attack, the wallet announced that users who were damaged by the incident will receive full reimbursement, which was also confirmed by Binance’s co-founder, Changpeng Zhao.
What Happened?
According to Trust Wallet’s post on X on December 25, there was a security incident involving the v2.68 of the Trust Wallet browser extension. Users who had already switched to v2.69 were not affected, and the wallet urged those who still used v2.68 to disable it and upgrade to the newer version as soon as possible.
Trust Wallet also insisted that mobile-only users and other browser extension versions were not impacted by the incident.
The following day, December 26, Trust Wallet published another post with an update on the incident, saying that its team was able to confirm that approximately $7 million had been impacted. It added that the wallet will ensure all affected users are refunded.
“Supporting affected users is our top priority, and we are actively finalizing the process to refund the impacted users. We appreciate your patience and will share instructions on next steps soon,” Trust Wallet said in another post on X.
It also warned users not to interact with any messages that do not come from the wallet’s official channels, to avoid falling victim to potential scams.
Later on the same day, Trust Wallet provided a guide on how to start the compensation process. It also said that the support team is prioritizing all the victims from the incident, and has already started reviewing submissions.
“We apologize and acknowledge that this situation has been frustrating and disruptive. We are working around the clock to finalize the compensation process details and each case requires careful verification to ensure accuracy and security.”
Lastly, the wallet said that it will be in close contact with the victims on any progress and updates.
Leading blockchain security firm SlowMist also published a report on the matter, explaining the incident.
It said “This backdoor incident originated from malicious source code modification within the internal Trust Wallet extension codebase (analytics logic), rather than an injected compromised third‑party dependency (e.g., malicious npm package). The attacker directly tampered with the application’s own code, then leveraged the legitimate PostHog analytics library as the data‑exfiltration channel, redirecting analytic traffic to an attacker‑controlled server.”
