Trust Wallet has launched a wallet verification phase amid attempts to reimburse victims after its Chrome extension was compromised on December 25. The wallet stated that it had received close to 5,000 claims, yet it had identified only 2,596 compromised addresses. Trust Wallet has updated its response strategy to incorporate wallet verification processes amid a rise in claims of compromised wallet addresses. The company has flagged thousands of compromised addresses, yet it claims to have received more claims than initially anticipated. The excessive claims imply that non-victims may have submitted fraudulent claims or that actual victims duplicated their submissions. Trust Wallet to verify wallet addresses for reimbursement 2/ We’re prioritising accuracy over speed to protect affected users, and we aim to share further work-in-progress details as soon as we can, likely tomorrow. So far, we’ve identified 2,596 affected wallet addresses. From this group, we’ve received around 5,000 claims which… — Eowync.eth (@EowynChen) December 28, 2025 Trust Wallet CEO Eowyn Chen issued an update regarding the browser extension incident that occurred on Christmas Day, resulting in a $7 million loss. Chen explained that the wallet was improvising ways to handle the situation and urged Trust Wallet users that it would prioritize accuracy over speed when reimbursing victims. The executive emphasized that internal investigations flagged 2,596 addresses, yet it received close to 5,000 claims. The executive noted that the influx in claims is likely due to false claims or duplicate submissions from users attempting to access reimbursement for themselves. Chen explained that the fraudulent claims prompted the wallet to take appropriate measures to ensure accurate verification of wallet ownership is critical to ensure the right victims regain access to their funds. Chen also noted that the Trust Wallet team is continuing to conduct further investigations to confirm wallet addresses by combining multiple data points, thereby distinguishing between legitimate users and opportunists and exploiters. She detailed that the investigation and compensation process are the company’s top priorities and urged all team members to actively focus on the issue at hand. Trust Wallet’s browser extension was hacked Trust Wallet suffered a malicious hack through its Chrome extension, resulting in the loss of $7 million from unsuspecting users. The hack followed Trust Wallet’s recent release of version 2.68 of its Chrome browser extension, which had malicious code disguised as an analytics module. When users opened their version 2.68 wallets or keyed in their seed phrases, the hidden code secretly captured and transmitted that data to a fake domain (metrics-trustwallet.com) that was registered just days before the new version was released. The malicious data transfer granted the hackers access to seed phrases, which they used to remotely restore wallets and drain users’ funds. Some of the assets drained from victims after the hack include Bitcoin, Ethereum, Solana, and BNB Chain. Cryptopolitan previously reported on December 28 that the wallet had initiated compensation plans, which included victims submitting claims through an online form on Trust Wallet’s portal. Binance founder and former CEO Changpeng Zhao commented on the hack, confirming that Trust Wallet will fully reimburse all victims. He also informed users that the investigating team was working on uncovering how the hackers managed to sneak the malicious code into the version 2.68 release of the Trust Wallet browser extension, hinting at possible insider involvement. However, Trust Wallet has not confirmed insider involvement in the hack. CZ also assured users that their “funds are SAFU.” Blockchain Security firm SlowMist added that the hackers may have been familiar with the extension’s source code, which enabled them to successfully carry out the attack and had prepared well in advance of the day of the attack. After draining the funds from victims, the hacker proceeded to use centralized exchanges and chain bridges for laundering and swapping. SlowMist also reported that the malicious browser extension exported users’ personal information, in addition to their wallet information and passwords. Such data could be sold on the dark web for about $100, according to a Cryptopolitan coverage dated December 28. Join a premium crypto trading community free for 30 days - normally $100/mo.
