A security breach affecting the browser extension of Trust Wallet has resulted in an estimated $7 million in stolen cryptocurrency, underscoring persistent vulnerabilities in consumer crypto infrastructure. The incident, reported by Yahoo Finance, involved a malicious software update that exposed users’ recovery phrases, allowing attackers to drain funds without further interaction.
According to the report, the issue was limited to a specific version of Trust Wallet’s Chrome extension. Malicious code was embedded in what appeared to be a routine update, making this a supply-chain-style attack. When affected users opened the extension or imported their seed phrases, the compromised software silently transmitted that sensitive information to an attacker-controlled server.
With access to those seed phrases, attackers were able to recreate victims’ wallets elsewhere and transfer funds out. Losses were spread across multiple blockchains, including major networks such as Bitcoin and Ethereum. Trust Wallet said its mobile applications were not affected.
Trust Wallet moved quickly to remove the compromised extension version and released an updated build, urging users to upgrade immediately. The company also advised anyone who used the affected version to assume their wallet credentials were compromised and to move any remaining assets to a new wallet with a fresh recovery phrase.
The incident drew a response from Binance, which owns Trust Wallet. Binance said it would reimburse affected users and support investigations into how the malicious update was published through the Chrome Web Store.
While browser extensions have become a popular way to access decentralised applications, the episode highlights their structural risks. Unlike hardware wallets, browser-based wallets operate in environments more exposed to malware, compromised updates and third-party platform weaknesses.
For European policymakers and financial institutions watching the evolution of digital money, the case offers a cautionary contrast. As the European Central Bank continues work on the digital euro, officials have repeatedly stressed the importance of controlled distribution, robust security standards and clear liability frameworks, areas where parts of the crypto ecosystem still rely heavily on user self-custody and trust in private software supply chains.
The Trust Wallet breach serves as a reminder that convenience in digital finance often comes with trade-offs, and that security failures can have immediate and irreversible consequences for users.
