In what is called the “Christmas Heist”, Trust Wallet, after its latest update on the Chrome extension, lost funds anywhere from $6 million to $7 million in a recent attack on 24th December 2025. From reports coming from the industry, users experienced a full drain of their accounts once they entered the seed phrase into the latest Trust Wallet browser extension 2.68.
The assets that were lost included those of the Ethereum, Bitcoin, and Solana networks. The post-attack on-chain forensic report suggests that there were zero delays or staging in the attack that performed ultra-fast transactions. The extremity of the attack was that the funds were drained in a matter of minutes. Within hours of the attack, ZachXBT, an independent blockchain investigator, reported the fund loss to be around $6 million. As per the detailed chain analysis, it was found that the stolen funds were transferred to multiple accounts. Included in them is a brand new account that alone holds 255 ETH worth around $750,000. It was also reported that more than 12 BTC was moved through a single account.
Trust Wallet Issues Official Confirmation and Emergency Patch
Following the incident, Trust Wallet came out with a public announcement where it confirmed that version 2.68 of the browser extension was compromised. It also urged users to move to version 2.69 immediately.
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
— Trust Wallet (@TrustWallet) December 25, 2025
Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb
Please note: Mobile-only users…
From detailed reports, it has come to notice that none of the mobile wallets and previous versions of the browser wallet were affected.
However, there is widespread criticism that the warnings came late, nearly 30 hours after the initial reports came in. By that time, the fund transfers continued through to late December 25th. While Trust Wallet has issued a public warning, it has not issued any reports regarding whether it was the update itself that caused the breach.
Through an independent on-chain forensics attempt, ZachXBT noted how $4 million out of the initial $6 million was quickly moved through centralized exchanges like ChangeNOW, KuCoin, and FixedFloat. This is seen as an immediate cash-out attempt by the attackers.
Binance to the Rescue: CZ Confirms SAFU Reimbursement for Trust Wallet Victims
Since Trust Wallet is co-owned by Changpeng Zhao, founder of Binance, he assured that the users who lost funds will be reimbursed through Binance’s SAFU (Secure Asset Fund for Users). Zhao also stated that nearly $7 million was lost in the attack that happened on the 24th.
At the moment, Binance has also joined the investigation. It is trying to uncover how the breach occurred. The primary steps involve analyzing how the malicious behavior passed the checks post the update. However, no official reports regarding the investigation have been released so far. The analysts who are working behind the investigation and recovery process have advised reviewing transactions, revoking permissions, and moving funds to new wallets. According to them, the new wallets with fresh seed phrases will help secure the remaining assets.
The incident has raised much concern over the security and future of browser wallets. It has been witnessed in the past that faulty updates can expose seed phrases and can even alter or manipulate the transaction data.
