Trust Wallet has confirmed it will compensate users who lost funds in a Christmas Day security breach that drained roughly $7 million from desktop wallet holders. The exploit, which targeted a compromised browser extension, has triggered fresh debate over insider risks within major crypto platforms and raised alarms about the safety of self custody wallets.

Changpeng Zhao, co-founder of Binance, which owns Trust Wallet, said the company would fully cover user losses. The incident involved a malicious version of the Trust Wallet browser extension that had been quietly prepared weeks before the attack, according to blockchain security researchers.

How the Christmas Day exploit unfolded

The breach was linked to Trust Wallet browser extension version 2.68, which was compromised and distributed to desktop users. Trust Wallet disclosed the issue in a post on X, advising users to immediately upgrade to version 2.89, which contains fixes to address the vulnerability.

Investigators say the exploit was not a spontaneous attack. Yu Xian, co-founder of cybersecurity firm SlowMist, revealed that the attackers began planning as early as December 8. The malicious code was allegedly implanted on December 22, just days before funds started moving out of user wallets on Christmas Day.

According to SlowMist, the attackers inserted a backdoor that allowed them to access wallets and siphon funds without alerting users in real time. The breach only came to light after unusual fund transfers were detected, prompting an internal investigation and public disclosure.

Personal data also compromised, researchers say

Beyond financial losses, security experts say the incident exposed sensitive user information. SlowMist reported that the malicious extension was exporting personal data from affected users and sending it to servers controlled by the attacker.

This aspect of the exploit has heightened concern, as it suggests the breach went beyond a simple wallet drain. Access to personal information could potentially expose users to phishing attacks, identity theft, or further financial risks.

Onchain investigator ZachXBT said that hundreds of Trust Wallet users were affected, indicating that the scope of the attack was wider than initially assumed.

Trust Wallet has not publicly detailed what categories of personal data were accessed, but the company has urged users to update the extension and review their security practices.

CZ promises reimbursement for affected users

Changpeng Zhao addressed the issue in a post on X, stating that Trust Wallet would cover all verified losses resulting from the exploit. Zhao emphasized that user protection was a priority and acknowledged the seriousness of the breach.

Source: Cos

Trust Wallet claims to serve more than 220 million users worldwide, making the incident particularly notable even though the dollar amount involved is small compared to some past crypto hacks.

While reimbursement offers some relief, the promise does little to calm fears about how such a breach was able to occur in the first place, especially within a widely used wallet product tied to one of the industry’s largest companies.

Insider activity suspected in extension compromise

Several industry observers believe the nature of the attack points to possible insider involvement. The attacker was reportedly able to submit or replace a version of the Trust Wallet extension on the official website, a capability that would typically require privileged access.

Intergovernmental blockchain adviser Anndy Lian described the incident as unnatural and said the likelihood of insider involvement appeared high. Zhao echoed this view, stating that the exploit was most likely carried out with insider assistance.

SlowMist’s Yu Xian added that the attacker showed deep familiarity with the Trust Wallet extension’s source code. This level of knowledge, researchers argue, would make it far easier to implant a stealthy backdoor capable of harvesting funds and user data without immediate detection.

Trust Wallet has not confirmed whether an internal investigation has identified specific individuals, but the comments from Zhao and independent researchers suggest the company is treating the insider angle seriously.

Wallet exploits remain a growing threat

The Trust Wallet incident adds to a growing list of wallet related breaches in the crypto sector. According to Chainalysis, personal wallet compromises accounted for 37 percent of the total value stolen in 2025, excluding the $1.4 billion Bybit hack reported in February.

Although the $7 million loss is relatively modest compared to major breaches, it highlights the risks users face even when using popular and well known wallet providers.

For comparison, in February 2024, Axie Infinity co-founder Jeff Zirlin reportedly lost $9.7 million worth of Ether in a suspected wallet exploit, underscoring how devastating such attacks can be at an individual level.

As investigations continue, the Trust Wallet hack is likely to fuel renewed calls for stricter internal controls, better code auditing, and greater transparency from wallet providers that market themselves as secure gateways to self custody.