Loading...
[Trust Wallet to Compensate Users Affected by Security Incident] From December 24 to 26, 2025, version 2.68 of the Trust Wallet Browser Extension was compromised due to an API key leak, resulting in malicious code being uploaded. This incident affected 2,520 wallet addresses, with approximately $8.5 million in assets stolen. Investigations revealed that the incident was linked to the Sha1-Hulud supply chain attack in November, where attackers gained access to the Chrome Web Store API using leaked GitHub credentials. Trust Wallet has decided to voluntarily compensate affected users and has begun coordinating with victims who have contacted the official team to finalize the compensation process and ownership verification. Affected users are required to transfer their funds to a new wallet and submit a claim application. Over 5,000 applications have been received so far, and the team is reviewing them one by one. Trust Wallet has released a patched version 2.69 and has disabled the related permissions and credentials.