The fallout from Trust Wallet’s Chrome extension incident intensified on December 26 after Changpeng Zhao (CZ), weighed in publicly, suggesting the breach may have involved an insider. The comment came as Trust Wallet confirmed that roughly $7 million in user funds have been affected so far.Sponsored
Insider Access as Key Line of InvestigationCZ said Trust Wallet will fully reimburse impacted users and stressed that customer funds remain safe. However, he added that investigators are still examining how a compromised browser extension update was able to pass through distribution controls, calling an insider role “most likely.” The statement amplified concerns around internal access and update governance, rather than an external exploit alone.Trust Wallet later confirmed that the incident affected Browser Extension version 2.68 only, reiterating that mobile users and other versions were not impacted. Sponsored
The company said it is finalizing reimbursement procedures and will issue clear instructions to affected users. Meanwhile, users should remain cautious against phishing attempts posing as official support.
Update on the Trust Wallet Browser Extension (v2.68) incident:We’ve confirmed that approximately $7M has been impacted and we will ensure all affected users are refunded.Supporting affected users is our top priority, and we are actively finalizing the process to refund the… Trust Wallet (@TrustWallet) December 26, 2025
The insider angle has drawn particular attention within the crypto security community. Browser extensions require signing keys, developer credentials, and approval workflows to publish updates. Sponsored
For a malicious or compromised build to be distributed through the official Chrome Web Store, investigators typically look at either credential compromise or direct internal access. Both scenarios point to weaknesses in operational security rather than a traditional software vulnerability.Such risks are not theoretical. Over the past year, several high-profile browser extension incidents have stemmed from hijacked developer accounts or compromised release pipelines.Sponsored
TWT Token Briefly Dips Before ReboundingMarket reaction reflected the uncertainty. Trust Wallet’s native token, TWT, saw a sharp sell-off following the initial reports on December 25. However, prices stabilized and rebounded on December 26 after confirmation that losses were limited and refunds would be issued. TWT Token Price Chart. Source: CoinGeckoWhile Trust Wallet has moved quickly to contain the incident, the episode reflects a broader industry challenge. As crypto wallets increasingly rely on browser extensions, update security and insider risk management are emerging as critical attack surfaces, not secondary concerns.
