Trust Wallet confirms 2,596 browser extension breach victims as false claims flood compensation process
Trust Wallet has released a new update that sheds light on a major security breach that affected its browser extension, revealing the scale of the incident and the growing challenges facing its compensation process. The breach, linked specifically to version 2.68 of the Trust Wallet browser extension, resulted in the unauthorized drain of more than $6 million in user funds over a three-day period in late December.
According to the company’s latest findings, exactly 2,596 wallet addresses have been conclusively identified as victims of the attack. However, the refund effort has proven much more complex than anticipated, with Trust Wallet receiving almost double that amount in compensation claims. Many of these filings, the company says, appear to be fake or duplicates.
The update was shared publicly by Trust Wallet CEO Eowyn Chen as the investigation continues into what is being described as one of the most serious supply chain security incidents involving a crypto wallet in 2025.
 |
| Source: Eowyn Chen |
What happened in the Trust Wallet extension breach
The incident occurred between December 24 and 26, when a compromised update to the Trust Wallet browser extension was distributed to users. Researchers believe the breach originated from a supply chain vulnerability, which allowed malicious code to be inserted into version 2.68 of the extension.
Once installed, the compromised version allowed attackers to gain unauthorized access to users’ wallets, resulting in a rapid and silent drain of funds. By the time the issue was detected and the affected version was removed, millions of dollars had already been diverted.
Trust Wallet immediately recommended users stop using the version 2.68 browser extension and migrate funds to new wallets. Warning messages were also sent directly to affected devices in an effort to prevent further losses.
Confirmed Victims Versus Filed Claims
After weeks of analysis, Trust Wallet says it has confirmed that 2,596 wallet addresses were directly affected by the breach. This figure is based on on-chain analysis, internal logs, and forensic review of transaction patterns linked to the compromised extension.
Despite this, the company has received approximately 5,000 compensation claims from users requesting a refund. According to Trust Wallet, a significant portion of these claims cannot be substantiated.
 |
| Source: Xpost |
Eowyn Chen stated that many of the submissions appear to be duplicate claims from the same users or completely false claims submitted by people whose wallets were not affected by the breach. This discrepancy has forced the company to slow down the refund process to protect legitimate victims.
Trust Wallet emphasized that accuracy is being prioritized over speed, as improper payments could undermine the integrity of the compensation program and divert funds from users who were actually affected.
Challenges in verifying legitimate claims
Verifying ownership of affected wallets has become one of the most time-consuming aspects of the response. Unlike traditional financial institutions, crypto wallets do not contain built-in identity verification, making it difficult to prove ownership without exposing users to additional security risks.
Trust Wallet says it is using multiple verification points to authenticate claims. These include analysis of transaction history, device metadata, and cross-referencing wallet activity with the known behavior of the malicious code used in the attack.
The company has acknowledged that this process is frustrating for users waiting for compensation, but insists that it is necessary to prevent abuse of the system and ensure that funds are distributed fairly.
Forensic investigation underway into the breach
While the clearing process continues, Trust Wallet is also conducting an extensive forensic investigation to determine how the compromised update was distributed and why existing safeguards failed to detect it sooner.
The company confirmed that Google has intensified its involvement in the case. Chrome Web Store audit logs are expected to be released soon, which can provide critical information about whether the violation occurred during the upload, review, or distribution phase of the extension update.
Trust Wallet also collects and analyzes devices used by remote workers who participated in development or deployment processes. Some of these devices are physically sent to the company’s security team for further inspection. Although logistical delays have slowed parts of the investigation, Trust Wallet says it has already developed several strong working theories about the origin of the breach.
Extent of risk and security of the current user
Trust Wallet has repeatedly stated that the breach was strictly limited to version 2.68 of the browser extension and that users not running this version are not affected. The company also clarified that there is no ongoing threat once users leave compromised wallets.
To reinforce this message, warning alerts continue to appear on devices that still have the affected version installed. Users who do not see these warnings are not believed to be affected and do not need to take additional action.
The company has emphasized that the Trust Wallet mobile apps and other versions of the extension were not compromised.
Why this incident is important for the crypto industry
The Trust Wallet breach highlights current concerns around supply chain security in the crypto ecosystem. As wallets and infrastructure tools become more complex, attackers are increasingly targeting update mechanisms rather than users directly.
Supply chain attacks are particularly dangerous because they exploit trust in official software distribution channels. In this case, users installed what they believed to be a legitimate update from a trusted source, only to unknowingly expose their assets.
Security experts say incidents like this underscore the need for stricter code auditing, multi-layer verification and real-time anomaly detection in wallet software.
Industry reaction and wider implications
The breach has drawn attention across the crypto industry, raising questions about how wallet providers manage the security of extensions and respond to large-scale incidents. While some observers have praised Trust Wallet’s transparency, others argue that the incident reveals structural weaknesses common to many crypto tools.
Regulators are also paying more attention to wallet security practices, particularly as browser extensions remain one of the most used interfaces for interacting with decentralized applications.
What comes next?
Trust Wallet says further updates on both the forensic investigation and the compensation process could be released the following day. The company has committed to keeping users informed as new findings emerge.
For now, affected users are encouraged to follow official guidelines, complete the verification process carefully, and be wary of scams trying to take advantage of the situation.
As the investigation continues, the Trust Wallet breach serves as a reminder that even widely trusted crypto platforms remain vulnerable to sophisticated attacks, and that security remains one of the industry’s most pressing challenges.
hokanews.com – Not just cryptocurrency news. It’s crypto culture.