A recent hack on Trust Wallet exposed nearly $7 million in crypto from users. The attack happened just after Christmas, surprising many investors and worrying the crypto community. Although the loss was smaller than some major exchange hacks, the speed and secrecy of the attack caused panic.
User Funds Are “SAFU,” Says Changpeng Zhao
Binance founder Changpeng Zhao (CZ) moved fast to address the situation. He publicly confirmed that Trust Wallet would fully reimburse all affected users and emphasized that user funds remain “SAFU.”
CZ also said the team is actively investigating how the malicious code bypassed internal checks. His quick response helped stabilize sentiment and reassured users, highlighting the importance of strong leadership during crises.
What Went Wrong With Trust Wallet?
A cybersecurity researcher named Akinator found that the latest Trust Wallet browser extension update (version 2.68) contained hidden malicious code. This code secretly sent users’ wallet data to a fake phishing site called metrics-trustwallet.com. The domain had been registered just days before the attack and has since been taken offline.
Trust Wallet later clarified that the breach was limited to the 2.68 browser extension. Mobile users and those running other versions were not affected. Early findings suggest the vulnerability may have been introduced during the update submission process, allowing malicious code to slip through.
Once identified, Trust Wallet urged users to immediately update to version 2.69, which patched the exploit. The limited scope prevented broader losses, but the fact that a compromised update reached users raised concerns about oversight and quality control.
A Bigger Security Problem in Crypto
While $7 million is small compared to some historic breaches, the timing and context make the incident significant. According to Chainalysis, crypto thefts have already exceeded $3.14 billion in 2025. Nearly half of those losses came from a single Bybit hack, but a steady stream of smaller wallet and protocol exploits continues to erode trust.
Industry leaders warn that as crypto infrastructure grows, attack surfaces expand.
OKX founder Star Xu summed it up bluntly: security is never “done,” and even mature platforms remain vulnerable.
Community Reaction: Shock, Anger, and Betrayal
User reaction was intense and deeply personal. One victim, Yuna, said she opened her Trust Wallet after Christmas to find over $300,000 gone drained in just four minutes through transactions she never approved. Despite following strict security practices, the exploit shattered her confidence.
What fueled outrage wasn’t just the loss, but the response. Victims reported vague acknowledgments, no immediate public warnings, and little transparency. Yuna claims she identified over 500 affected users within hours, many losing life-changing sums. The incident has intensified calls for accountability, faster disclosures, and stronger protections.
Trust with CoinPedia:
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
Investment Disclaimer:
All opinions and insights shared represent the author’s own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored and Advertisements:
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
