Trust Wallet Extension Bug Triggers $6M+ Crypto Losses, Forces Emergency Upgrade to Version 2.69

Key Takeaways:

• Trust Wallet confirmed a security incident affecting only Browser Extension version 2.68, prompting an urgent shutdown and upgrade.
• Reports from on-chain analysts link the flaw to over $6 million in stolen crypto across EVM chains, Solana, and Bitcoin.
• Mobile users and other extension versions remain unaffected, but the case raises broader concerns about wallet security and supply-chain risks in crypto.

Trust Wallet has issued an urgent warning after detecting a security incident tied to a specific version of its browser extension. The issue has triggered fund losses for some desktop users and forced the company to roll out an immediate fix.

Read More: Trust Wallet Launches New Loyalty Program for TWT, Targeting Mass Web3 Adoption

Trust Wallet Confirms Security Incident in Browser Extension

Trust Wallet disclosed that it identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. The company urged all users running that version to stop using it immediately and upgrade to version 2.69, which is now live on the official Chrome Web Store.

According to Trust Wallet, the incident does not impact:

• Mobile-only users
• Desktop users running extension versions other than 2.68

The team emphasized that the wallet’s core infrastructure remains intact and that the problem is isolated to a single desktop extension release.

Trust Wallet also instructed users who have not yet upgraded to avoid opening the extension entirely until version 2.69 is installed. Customer support teams are already engaging with affected users to provide next steps.

Reports of Stolen Funds Spark Community Alarm

The revelation came as the crypto community began to take a closer note of the matter when independent on-chain researcher ZachXBT published a series of user loss stories where users had interacted with the Trust Wallet Chrome extension and had lost their money soon after.

Some of the affected users reported that assets were emptied as soon as they were authorizing transactions in the extension. The first estimates provided to blockchain researchers indicate that they can lose a sum up to $6 million, and hundreds of wallets can be affected.

Some of the reported funds moved across:

• Ethereum and other EVM-compatible chains
• Solana
• Bitcoin

Although Trust Wallet has not ascertained the amount lost, the time scales of the thefts, immediately after version 2.68 was published caused a strong suspicion of the update process.

How the Vulnerability May Have Been Exploited

Possible Supply-Chain Weakness

Even though Trust Wallet has not published complete technical information, multiple security experts believe there is a supply-chain vulnerability added as part of the extension update operation. The malicious code may have been introduced or injected at the build or distribution stage, in this case, the attackers will be able to intercept sensitive wallet activities, like the signing of transactions or authorizing a session.

This theory is in line with user reports of transfer of funds anonymously to an unknown address after wallet authorization without incident. Trust Wallet has also established that it is under investigation and that it will publish more results after the analysis is over.

Read More: Trust Wallet Enables Direct Access to BNB Meme Rush, CZ’s Post Hits 650K Views

Official Response and Mandatory Upgrade Steps

Trust Wallet provided a concise list of guidelines to ensure the security of the users and avoid additional losses. The company emphasized that prior to reopening the extension, these steps were to be undertaken.

Key actions include:

• Turning off the Trust Wallet extension in Chrome
• Enabling Developer Mode
• Forcing a manual update to version 2.69
• Verifying the installed version number before use

The company once again repeated that users must not download updates through other sites or links but only through the official Chrome Web Store, which the company said was their official store.

What This Incident Reveals About Wallet Security

The Trust Wallet case indicates a systematic danger in crypto: even non-custodial wallets may fall prey to attacks in case their distribution channels are compromised.

Browser extensions continue to be particularly appealing targets since they:

• Interact directly with private keys and signing requests
• Operate in environments exposed to phishing and malicious scripts
• Depend on frequent updates that expand the attack surface

And, in contrast to smart contract exploits, wallet level hacks, in many cases, do not even utilize on-chain protection, and losses cannot be reversed or traced.

This incident is among the larger wallet-related security incidents in recent years, as Trust Wallet has more than 220 million users all over the world. Although the extent may seem to be limited to one version, the reputational effects may reach wider.