TrustWallet, a prominent self-custody wallet in the cryptocurrency industry, has recently experienced a serious security breach. This incident has raised concerns among users regarding the safety of their digital assets, and the document underscores a growing issue that many in the crypto community are now facing.
Malicious JavaScript Payload Identified
Cybersecurity experts have identified that a malicious JavaScript payload was injected into the v2680 build of TrustWallet's browser extension for Google Chrome. This attack took place between December 24 and 26, 2025, allowing hackers to intercept users' seed phrases. With access to these phrases, the attackers were able to restore wallets autonomously and steal over $7 million in various cryptocurrencies.
TrustWallet's Response to the Breach
The TrustWallet team has acknowledged the breach and confirmed the financial losses incurred by users. In response to this incident, they are actively working on a compensation program to assist those affected. Users are advised to remain vigilant and take necessary precautions to secure their digital assets during this troubling time.
The recent security breach at TrustWallet has led to alarming revelations, with reports indicating losses exceeding $43 million linked to suspicious addresses. For more details, see the full report on the situation here.
