Trust Wallet Cryptocurrency Wallet Hacker Incident: CZ Promises $7 Million Full Compensation

Year-end and holiday season, the cryptocurrency community faces a major security crisis. Trust Wallet, previously considered safe and reliable, was targeted by a sophisticated hacking attack during Christmas, resulting in approximately $7 million worth of user funds being stolen. This incident has once again sounded the alarm for the security of cryptocurrency wallets and has prompted industry-wide deep reflection on wallet application protections.

Sophisticated Backdoor Discovered: How Cryptocurrency Wallets Are Breached

The v2.68 version of Trust Wallet’s browser extension became the breach point for hackers. Blockchain security firm SlowMist founder Yu Xiantong discovered through technical comparison that the compromised version contained malicious code hidden within a backdoor. This code used the PostHog tool to continuously collect users’ private information, including critical seed phrases, and transmitted this sensitive data to the attacker’s server api.metrics-trustwallet[.]com.

Analysis indicates that the preparation for this attack began as early as early December. The attacker started preparations at least from December 8, successfully embedded the backdoor code by mid-December, and finally began large-scale transfer of user funds on Christmas day, only to be discovered later by the platform. The series of precise timing and technical execution has led many industry insiders to suspect internal involvement.

Suspicious Internal Signs: Is the Hacker Really an Outsider?

Notably, the attacker was able to submit a new version of Trust Wallet’s extension directly on the official website, a capability far beyond that of ordinary external attackers. SlowMist pointed out that the hacker “is very familiar with the source code of Trust Wallet extension,” enabling them to design the backdoor logic with precision.

Industry experts therefore speculate that this attack may involve internal personnel, as the authority to submit new versions is usually tightly controlled. Although this conclusion has not been officially confirmed, it indeed adds complexity to the incident. CZ himself also acknowledged this possibility on social media, stating that an investigation is needed into how the hacker gained the permission to submit new versions.

Cryptocurrency Wallet Risks Rise: Industry Data Sounds Alarm

This Trust Wallet security incident is not an isolated warning. According to blockchain analysis firm Chainalysis, the problem of stolen crypto assets is escalating worldwide. In 2024, the total amount stolen has exceeded $3.4 billion, with the February Bybit theft alone causing an astonishing loss of about $1.5 billion.

By 2025, incidents of personal wallet theft have surged to 158,000, affecting 80,000 different victims. Although the total stolen amount ($713 million) has decreased compared to 2024, the sharp increase in the number of incidents indicates that attacks targeting individual crypto wallets are becoming more common.

CZ Official Response: Compensation Promise and Investigation Launch

Binance founder CZ quickly responded the day after Christmas, officially announcing that Trust Wallet will fully compensate all affected users’ losses. In his X platform statement, he emphasized: “This hacker attack has caused a loss of $7 million. Compensation will be provided. User funds are safe.”

Meanwhile, the Trust Wallet team has begun investigating the specific intrusion path, focusing on how the attacker gained the permission to submit new versions. The results of this investigation will be crucial to understanding the nature of the incident.

User Protection Upgrades: Self-Defense for Cryptocurrency Wallet Users

After the incident, Trust Wallet recommends all users on v2.68 immediately upgrade to the patched v2.69 version. This is the first line of defense and an essential step.

More broadly, this event serves as a reminder for all cryptocurrency wallet users to heighten vigilance. Whether using browser extensions, mobile apps, or hardware wallets, security should be the top priority when choosing. Users should regularly check for application updates, verify official sources, avoid operating on insecure networks, and consider storing large assets in offline wallets or cold storage solutions.

The security of cryptocurrency wallets directly relates to the safety of user assets, and this Trust Wallet incident is a profound reminder to the entire industry.