A Supply Chain Attack

     On 25 December 2025, a significant breach occurred via the Trust Wallet Chrome extension, resulting in the theft of approximately $7 million in cryptocurrency. Attackers compromised version 2.68 by injecting malicious code, leading to funds being drained from hundreds of users’ wallets.

Trust Wallet in Action

     Trust Wallet swiftly responded by launching version 2.69 with enhanced security measures and urged users to update immediately. Fortunately, those using only the mobile app (Android/iOS) remained completely unaffected. The company has confirmed it will compensate all impacted users.

My Point

     While this incident is particularly damaging for Trust Wallet’s reputation. That said, it’s notable that other hot wallets — such as MetaMask, Phantom, and Atom — have previously avoided compensating users in similar cases. Perhaps Trust Wallet's decision reflects a desire to retain its user base rather than a shift in industry ethics.