TL;DR
- Hack Impact: Trust Wallet suffered a $7 million exploit on Christmas Day, with attackers targeting desktop extension users through version 2.68.
- Binance Response: CZ confirmed Binance will reimburse victims in full, stressing its commitment to user safety. The move highlights Binanceās proactive stance amid rising wallet-targeted hacks.
- Insider Concerns: Experts flagged signs of insider involvement, citing attacker familiarity with source code and ability to push a malicious update.
Trust Wallet, the Binance-owned crypto wallet serving over 220 million users, has pledged to reimburse $7 million lost in a Christmas Day exploit. The breach targeted desktop users through a compromised browser extension, raising alarms across the industry. Binance co-founder Changpeng Zhao (CZ) confirmed the losses will be covered. At the same time, cybersecurity experts warned the attack bore hallmarks of insider involvement.
Trust Wallet(@TrustWallet) has been exploited, with hundreds of users affected and over $6.77M stolen so far.
The hacker has already sent ~$4.25M to ChangeNOW, FixedFloat, KuCoin, and HTX.
CZ(@cz_binance) has stated that Trust Wallet will fully cover the losses.
Check hackerā¦ pic.twitter.com/6xjyOaxUEK
— Lookonchain (@lookonchain) December 26, 2025
Christmas Day Exploit Shakes Users
The incident unfolded on December 25 when attackers exploited Trust Walletās browser extension version 2.68. According to blockchain security firm SlowMist, preparations began as early as December 8, with a backdoor implanted by December 22. Funds were siphoned on Christmas Day, affecting hundreds of users. Trust Wallet advised users to upgrade to version 2.89 to mitigate risks.
CZ Commits to Covering Losses
So far, $7m affected by this hack. @TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused. š
The team is still investigating how hackers were able to submit a new version. https://t.co/xdPGwwDU8b
— CZ š¶ BNB (@cz_binance) December 26, 2025
CZ announced that Binance would ensure affected users are reimbursed for the $7 million stolen. His statement underscored Binanceās commitment to user protection amid rising wallet-targeted hacks. While the amount pales compared to larger breaches such as the $9.7 million loss suffered by Axie Infinity co-founder Jeff Zirlin in 2024, the Trust Wallet case highlights vulnerabilities in widely used extensions.
Insider Activity Suspicions
Industry voices, including intergovernmental blockchain adviser Anndy Lian, suggested the exploit was āmost likelyā an insider job. SlowMist noted the attackerās deep familiarity with Trust Walletās source code, enabling them to embed malicious functions that exported sensitive user data. The ability to submit a new extension version to the official site further fueled suspicions of insider access.
Rising Threats to Personal Wallets
Chainalysis data shows personal wallet compromises accounted for 37% of stolen value in 2025, excluding the $1.4 billion Bybit hack. This trend underscores the growing risks individual investors face compared to centralized exchange breaches. The Trust Wallet exploit, though smaller in scale, reinforces the urgency of stronger supply chain protections and vigilant user practices in safeguarding digital assets.
