Trust Wallet suffers a major security vulnerability! Do not import mnemonic phrases, and upgrade to 2.69 as soon as possible. At least $6 million has been stolen

👤 kmquy@Penny 📅 2026-04-04 20:24:21

Trust Wallet confirmed this morning that version 2.68 of its browser extension has a critical vulnerability that leads to on-chain losses, and that users must upgrade to 2.69 immediately.

Cryptocurrency wallet Trust Wallet issued a major security alert at around 6 a.m. today (26th), confirming that version 2.68 of its browser extension has a serious vulnerability that has led to the outflow of user assets. Tracking by on-chain detective ZachXBT shows that the number of victims has reached the hundreds, with losses first estimated at about $6 million.

For users who haven't already updated to Extension version 2.69, please do not open the Browser Extension until you have updated. This may help to ensure the security of your wallet and prevent further issues.

— Trust Wallet (@TrustWallet) December 26, 2025

Vulnerability details and loss scale

The official notice pointed out that those affected are users who have installed the version 2.68 extension on the mobile version. Trust Wallet emphasized in the announcement:

"We have released a patch for version 2.69; all browser extension users, please upgrade immediately."

If you are a Trust Wallet user and have installed version 2.68, do not import your mnemonic phrase, and upgrade through the official Chrome Web Store link. A mnemonic phrase imported in a contaminated environment is best treated as leaked: create a new wallet and migrate the balance to it (it is recommended that assets be transferred to another brand of wallet until the official problem is completely solved).

The malicious script 4482.js sneaked in through official updates

It is understood that the attacker inserted a file named 4482.js during the packaging process and presented it as being used for "Analytics". When the script detects that the user has entered a mnemonic phrase, it sends the data to the registered domain metrics-trustwallet.com; automated scripts are then used to quickly withdraw assets from EVM-compatible chains, Bitcoin and Solana.
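
A defensive check built from the indicators named above, as an added example that is not Trust Wallet's or this article's own code: it scans one unpacked extension directory for the affected version, a file named 4482.js, and references to metrics-trustwallet.com. The directory path is supplied by the caller, and the sample directories are constructed for the demo.

```python
import json
import os
import tempfile

# Indicators taken from the article; the directory to scan is chosen by the caller.
AFFECTED_VERSION = "2.68"
IOC_FILENAME = "4482.js"
IOC_DOMAIN = "metrics-trustwallet.com"

def scan_extension_dir(root):
    """Return a list of findings for one unpacked extension version directory."""
    findings = []
    try:
        with open(os.path.join(root, "manifest.json"), encoding="utf-8-sig") as fh:
            version = str(json.load(fh).get("version", ""))
    except (OSError, ValueError, AttributeError):
        version = ""
        findings.append("manifest.json missing or unreadable")
    # Match 2.68 and any 2.68.x build, but not 2.680 or 12.68.
    if version == AFFECTED_VERSION or version.startswith(AFFECTED_VERSION + "."):
        findings.append(f"affected version {version}")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == IOC_FILENAME:
                findings.append(f"file named {IOC_FILENAME}: {rel}")
            if name.endswith((".js", ".json", ".html")):
                try:
                    with open(path, "rb") as fh:
                        if IOC_DOMAIN.encode() in fh.read():
                            findings.append(f"reference to {IOC_DOMAIN}: {rel}")
                except OSError:
                    findings.append(f"unreadable file: {rel}")
    return findings

def build_sample(version, with_ioc):
    """Create a constructed sample extension directory (not real extension code)."""
    root = tempfile.mkdtemp(prefix="ext-sample-")
    with open(os.path.join(root, "manifest.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "sample", "version": version}, fh)
    if with_ioc:
        with open(os.path.join(root, IOC_FILENAME), "w", encoding="utf-8") as fh:
            fh.write("// constructed sample referencing " + IOC_DOMAIN + "\n")
    return root

if __name__ == "__main__":
    for ver, ioc in (("2.68", True), ("2.69", False)):
        print(ver, scan_extension_dir(build_sample(ver, ioc)))
```

A clean result only means these three indicators are absent from the scanned directory; it says nothing about a mnemonic phrase that was already entered while version 2.68 was installed.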

At present, individual victims have reported losses ranging from tens of thousands to hundreds of thousands of dollars. We will continue to track the official next steps regarding potential compensation.

kmquy@Penny

Blockchain and crypto-asset editor, focusing on content analysis and insight in the policy domain

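Comments (10)

Jude, 76 days ago
The industry's current development logic is gradually becoming clearer.
James, 76 days ago
Once a transaction has been uploaded to the chain, is it really completely impossible to modify?
Hayden, 76 days ago
Privacy protection really is a pain point for the industry, and the article points this out.
Benjamin, 76 days ago
The article's outlook on scalability is overly optimistic.
Quincy, 76 days ago
What is the relationship between Web3 and blockchain?
Sage, 76 days ago
At present the industry still needs technology for promotion.
Hadley, 77 days ago
Does the metaverse have to be built on blockchain?
Oscar, 81 days ago
Looking forward to more observations of industry implementation.
Remy, 89 days ago
Agreed. Blockchain is changing the world.
Felicia, 105 days ago
Recognize that decentralization is changing organizational models.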
