Trust Wallet users have reported a large-scale hack: according to available data, hundreds of people were affected, and attackers withdrew over $6 million in SOL, EVM tokens, and BTC. This was first reported by researchers and bloggers, including ZachXBT, following a wave of complaints on social media and messaging platforms. While the cause of the incident has not been officially confirmed, discussions include a theory about a malicious update to the wallet's browser extension.
What Happened to Trust Wallet?
Several users reported their wallets were emptied, with the number of complaints reportedly growing to hundreds of victims. Early investigations estimate the total stolen funds exceed $6 million, transferred in SOL, EVM tokens, and BTC. These details became public through Telegram channels and social networks where victims shared transaction traces and losses.
Possible Causes of the Hack
Among the considered theories is a supply chain attack linked to a recent update of the Trust Wallet browser extension. Discussions mention that the December 24 update may have included hidden code silently sending wallet data externally. According to some observers, this code disguises itself as analytics but tracks wallet activity and triggers upon importing the seed phrase.
Online reports also indicate the vulnerability manifested specifically after entering the seed phrase into the extension, aligning with the theory of a malicious update component. Similar scenarios involving third-party software compromises have been discussed in other materials about hacks via external service providers, where attackers gain access through updates or integrations; comparable examples can be found in the article on account hacks.
Security Recommendations
Threat experts and community members are already offering straightforward practical advice to Trust Wallet owners and extension users. If you have the Trust Wallet browser extension installed and it holds funds, quick action is necessary to minimize losses. Below are specific steps strongly recommended by researchers.
- Disconnect your device from the network and internet if the Trust Wallet extension is installed in your browser — this advice comes from threat researcher Vladimir S. and aims to reduce potential fund withdrawals.
- Do not enter your seed phrase into the extension or import keys into browser plugins until the situation is clarified; reports indicate leaks occurred precisely when seed phrases were imported.
- Avoid using the extension or performing wallet operations through suspicious updates; wait for official clarifications from Trust Wallet and guidance on cleaning or recovery.
Trust Wallet's Response
At the time of publication, Trust Wallet has not officially responded to accusations or requests for comment. Meanwhile, Vladimir S. stated that an investigation is underway and additional information about the incident will be released. Blogger ZachXBT expressed hope that if the wallet's culpability is confirmed, the company will consider compensation for victims.
Why This Matters
If you store funds in Trust Wallet or use its extension, this incident poses a direct risk of loss: reports specifically mention such victims. For those who only mine and keep rewards in other wallets or exchanges, the direct impact may be absent; however, the hack scheme via an extension update illustrates how vulnerabilities in third-party software can affect any crypto holder.
It is important to note that stolen assets include SOL, EVM tokens, and BTC, so the risk is not limited to a single token type. Even if you operate a small mining farm and store earnings in software wallets, it is wise to check whether you use vulnerable extensions and keep seed phrases offline.
What to Do?
If you mine and use Trust Wallet or its extension, follow simple, proven steps to reduce the risk of losses. These actions require no special knowledge and are suitable for owners of one to a thousand devices.
- Immediately disconnect any computer with the Trust Wallet extension installed from the network and do not reconnect it until the situation is verified — this minimizes further fund transfers.
- Do not enter seed phrases into the extension or import keys into browser plugins until official clarifications are provided; if you have already entered your seed phrase, monitor suspicious transactions for future claims.
- Follow official Trust Wallet announcements and researcher updates; only resume using the extension after official instructions.
For additional context on address substitution mechanisms and similar attacks, see the article on what is address poisoning, which covers practical protection methods. If your funds were stolen, preserve transaction evidence and contact Trust Wallet support and relevant security services.