Blockchain researcher ZachXBT reported on December 25th that multiple Trust Wallet users had experienced fraudulent fund outflows within the past few hours.
Affected users said their assets were leaked from their wallet addresses without their authorization.
Sponsored Sponsored
A major security warning for Trust Wallet users?
According to ZachXBT, the exact root cause has not yet been confirmed. But the timing is causing concern. Today’s incident comes on the heels of the latest update to the Trust Wallet Chrome extension that was released the day before.
ZachXBT has begun collecting wallet addresses related to the alleged theft and is calling on affected users to come forward as the investigation continues.
Although TrustWallet has not yet released a detailed technical explanation, the situation surrounding browser-based crypto wallets has come under renewed scrutiny.
Chrome extensions run with elevated privileges. Security researchers have repeatedly warned that a single malicious update or compromised dependency can put users at significant risk.
Several high-profile extension-related wallet threats have already emerged in recent months.
Sponsored Sponsored
Security firms have previously issued warnings about fake wallet extensions designed to capture seed phrases, allowing attackers to completely recreate wallets and later drain funds.
In other cases, malicious trading “helper” extensions secretly modified trading instructions and siphoned off small amounts of cryptocurrency each time a user approved a swap.
More broadly, cybersecurity researchers have documented campaigns involving seemingly legitimate browser extensions that were later updated to inject scripts, reroute traffic, or collect sensitive data.
Although not necessarily cryptocurrency-specific, such functionality can be reused to target wallet sessions, sign-in flows, or transaction authorizations.
Against this backdrop, the Trust Wallet report immediately caused concern throughout the crypto community.
Users are being asked to review recent transactions, revoke unnecessary privileges, and avoid signing new transactions until there is more clarity.
If you suspect a breach, we recommend moving your remaining funds to a new wallet created from a fresh seed phrase.
At the time of publication, Trust Wallet has not confirmed whether a Chrome extension update is the direct cause.
