CZ Hints at Possible Insider Role

CZ hinted at possible insider involvement in the Trust Wallet incident while assuring users that their funds would be reimbursed.

Crypto wallet provider Trust Wallet has confirmed a security incident affecting a specific version of its browser extension, after several reports from users that funds were drained from their wallets over a short period of time.

The issue was first flagged publicly by on-chain investigator ZachXBT, who issued a community alert warning that multiple Trust Wallet users had experienced unauthorized outflows from their addresses within hours.

Sudden Wallet Drains

While the exact cause was initially unclear, ZachXBT noted that the reports coincided with a recent update to the Trust Wallet Chrome extension. Shortly thereafter, blockchain security firm SlowMist issued a security alert confirming a vulnerability in Trust Wallet Browser Extension version 2.68, and urged users to immediately disable the extension and upgrade to version 2.69 through the official Chrome Web Store.

According to SlowMist’s preliminary findings, the incident may involve a supply chain attack, where malicious code was potentially injected into the extension. This possibly allowed attackers to exfiltrate users’ seed phrases when the wallet was unlocked and transmit them to a malicious website.

Based on early estimates, hundreds of wallets are believed to be affected. Trust Wallet later acknowledged the incident on X, confirming that version 2.68 of its browser extension was impacted.

The company said that mobile-only users and all other browser extension versions were not affected by the vulnerability. Trust Wallet also advised users who had not yet upgraded to avoid opening the extension until the update was completed. The company warned that continued use of the affected version could expose them to further risk.

ZachXBT subsequently provided another update stating that affected users would be compensated.

You may also like:

CZ Addresses The “Hack”

Meanwhile, Binance founder and Trust Wallet owner Changpeng “CZ” Zhao also addressed the situation publicly and said that Trust Wallet would cover the losses linked to the incident. He also said that user funds remain secure. CZ estimated that around $7 million had been impacted and described the incident as a hack. He also hinted at an insider involvement, which could mean that the breach may have included internal access or knowledge.

The episode adds to growing concerns around browser-based wallet security, particularly as supply chain attacks and malicious updates have become an increasingly common vector for crypto theft.

The Trust Wallet incident comes amid a broader rise in high-profile exploits, hacks, and phishing campaigns across the crypto sector. Blockchain analytics firm Chainalysis estimated more than $3.4 billion in cryptocurrencies has been stolen from January through early December, slightly higher than the $3.38 billion recorded over the same period last year. Interestingly, compromises related to personal wallets have witnessed a significant growth over recent years. The figure rose from just 7.3% of total stolen value in 2022 to 44% in 2024.