Trust Wallet will cover $7M lost in Christmas Day hack, CZ says

Trust Wallet users lost about $7 million in a Christmas Day exploit that had been planned since early December.

Trust Wallets browser extension version 2.68 was compromised by a security incident impacting desktop users, Trust Wallet said in a Thursday X post; it advised users to upgrade to version 2.89.

Changpeng Zhao, co-founder of Binance, which owns the cryptocurrency wallet that claims to serve 220 million users, said in a Friday X post that the lost funds will be covered.

Cryptocurrency wallet exploits have been an increasing threat to digital asset investors. Personal wallet compromises accounted for 37% of the value stolen in 2025, if the $1.4 billion Bybit hack in February is excluded, according to Chainalysis.

Crypto hack volume over time, personal wallet hack proportion with 2025 adjustment scenario for the Bybit hack. Source: Chainalysis.com

Still, the $7 million Trust Wallet exploit pales in comparison to some of the biggest wallet hacks. In February 2024, the co-founder of play-to-earn game Axie Infinity, Jeff Zirlin, lost $9.7 million worth of Ether (ETH) to a suspected wallet exploit.

Related: Crypto hack counts fall but supply chain attacks reshape threat landscape

Crypto industry watchers raise insider concerns following Trust Wallet exploit

The orchestrators of the attack on Trust Wallet had been preparing the exploit as early as Dec. 8, wrote Yu Xian, co-founder of blockchain security firm SlowMist, in a Friday X post. A machine translation of his post read:

“The attacker started preparations at least on [Dec. 8], successfully implanted the backdoor on [Dec. 22], began transferring funds on [Christmas Day], and thus was discovered.”

The backdoor code was also collecting users‘ personal information, which was sent to the attacker’s server.

According to onchain detective ZachXBT, “hundreds” of Trust Wallet users were affected.

Source: Cos

Some industry watchers pointed to signs of potential insider activity from the exploit, as the attacker was able to submit a new version of the Trust Wallet extension on the website.

“This kind of 'hack' is not natural. The chances of insider is high,” intergovernmental blockchain adviser Anndy Lian wrote in a Friday X post.

Related: CZ proposes fix to address poisoning after investor loses $50M

Zhao agreed that the exploit was “most likely” an insider.

SlowMist‘s Xian also noted that the attacker was “very familiar with the Trust Wallet extension’s source code,” which enabled them to implement the backdoor code necessary to collect sensitive user information.