bit engine

Trust Wallet suffered a major security vulnerability! Do not import mnemonic phrases and upgrade to 2.69 as soon as possible, at least $6 million has been stolen

👤 nrvae@Penny 📅 2026-04-03 15:45:53

Trust Wallet confirmed this morning that browser extension version 2.68 has a fatal vulnerability, which will cause on-chain losses and users must immediately upgrade to 2.69.
(Preliminary summary: CZ retweet detonated the Trust Wallet token TWT soaring by 40%; pointing to the era of 1 billion Web3 users)
(Background supplement: What is the "Wallet as a Service" WaaS launched by Trust Wallet, analysis of advantages and disadvantages, can it become mainstream in the future? )

Cryptocurrency wallet Trust Wallet A major security alert was issued at around 6 a.m. today (26th), confirming that version 2.68 of its browser extension has a serious vulnerability, leading to the outflow of user assets. On-chain detective ZachXBT tracking shows that the number of victims has reached hundreds, and the loss was first estimated at about $6 million.

For users who haven't already updated to Extension version 2.69, please do not open the Browser Extension until you have updated. This may help to ensure the security of your wallet and prevent further issues.

— Trust Wallet (@TrustWallet) December 26, 2025

Vulnerability details and loss scale

The official notice pointed out that the affected objects are users who have installed version 2.68 extensions on the mobile version. Trust Wallet emphasized in the announcement:

"We have released a patch for version 2.69, please all browser extension users to upgrade immediately."

If you are also a Trust Wallet user and have installed version 2.68, "Please do not import the mnemonic phrase" and it is best to upgrade through the official link of the Chrome Online App Store. Mnemonic phrases imported in a contaminated environment are best treated as leaks, and it is best to create a new wallet and migrate the balance (it is recommended that assets be transferred to other brand wallets before the official problem is completely solved).

The malicious script 4482.js sneaked in through official updates

It is understood that the attacker inserted a file named 4482.js during the packaging process and claimed to be used for "Analytics". When it detects that the user enters the mnemonic phrase, it sends the data to the registered domain metrics-trustwallet.com, and then uses automated scripts to quickly withdraw assets from the EVM compatible chain, Bitcoin and Solana.

At present, individual victims have reported losses ranging from tens of thousands to hundreds of thousands of dollars. We will continue to track the official next step for potential compensation.

Label:
policy
share:
FB X YT IG
nrvae@Penny

nrvae@Penny

Blockchain and cryptoassets editor, focusing onpolicyDomain content analysis and insights

Comment (10)

Willow
Willow 86days ago
Ecological prosperity is more important than a single technological breakthrough.
Gary
Gary 86days ago
Agreed, technology changes the world.
Nigel
Nigel 86days ago
What is the relationship between Web3 and blockchain?
Quinn
Quinn 86days ago
How does DAO make decisions and vote?
Ryan
Ryan 86days ago
What is the Gas War?
Steve
Steve 87days ago
At present, industry competition has turned to ecological competition.
Douglas
Douglas 87days ago
Newbie, what is a Merkel tree?
Irene
Irene 91days ago
Where should I start to get started with blockchain development?
Aubrey
Aubrey 110days ago
Supply chain finance is the perfect implementation scenario for blockchain.
Tristan
Tristan 115days ago
This part of cross-chain technology is particularly well written.

Add comment

Related content

Hong Kong Cryptocurrency OTC Robbery

Hong Kong Cryptocurrency OTC Robbery "1 Billion Yen Moved in 30 Seconds", the police arrested 15 people including the mastermind, and the stolen money has not yet been found

2026-04-03
Former Blockchain.com executive Jamie Selway joins the SEC and will serve as Director of Trading and Markets

Former Blockchain.com executive Jamie Selway joins the SEC and will serve as Director of Trading and Markets

2026-04-03
SEC Chairman Paul Atkins reiterates the goal of building a

SEC Chairman Paul Atkins reiterates the goal of building a "global cryptocurrency capital": returning to the regulatory mission and promoting Crypto+AI financial innovation

2026-04-03
Former Alameda Research CEO Caroline has left prison and been transferred to community supervision after serving only 11 months in prison

Former Alameda Research CEO Caroline has left prison and been transferred to community supervision after serving only 11 months in prison

2026-04-03
Trump's currency issuance was reported by the Taiwanese as

Trump's currency issuance was reported by the Taiwanese as "violating the Money Laundering Prevention Law", PTT encryption moderator: The Financial Supervisory Commission will not catch him soon

2026-04-03
Is DAT hype dying? SEC investigates 200 “crypto treasury companies” for insider trading

Is DAT hype dying? SEC investigates 200 “crypto treasury companies” for insider trading

2026-04-03

Popular content

Only sentenced to 3 years of probation! The 31-year-old lawyer's father is a judge, and he collaborated with the evil rich second generation to

Only sentenced to 3 years of probation! The 31-year-old lawyer's father is a judge, and he collaborated with the evil rich second generation to "defraud 400 million" and celebrated their success by taking drugs and having a sex party

2026-04-03
 Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

Bybit's 500,000 ETH stolen were all washed away and turned into hidden selling pressure? CEO issued an announcement clarifying: 77% of cash flow can be traced

2026-04-03
 Should PoS staking rewards be taxed immediately? U.S. couple's dissatisfaction with filing IRS lawsuit becomes the focus of discussion

Should PoS staking rewards be taxed immediately? U.S. couple's dissatisfaction with filing IRS lawsuit becomes the focus of discussion

2026-04-03
 Breaking news》U.S. Office of the Comptroller of the Currency: Banks can freely trade crypto assets and custody without prior approval

Breaking news》U.S. Office of the Comptroller of the Currency: Banks can freely trade crypto assets and custody without prior approval

2026-04-03
 Xiaohongshu was interviewed and punished by the Cyberspace Administration of China for

Xiaohongshu was interviewed and punished by the Cyberspace Administration of China for "damaging the Internet ecology". Chinese villagers applauded: It should have been punished long ago!

2026-04-03
 Who stole 127,000 Bitcoins? Tracking the truth from the

Who stole 127,000 Bitcoins? Tracking the truth from the "Killing Plate Empire" to the roadside mine

2026-04-03

Related sections

market analyze technology policy

Popular content

buy trx energy tron energy TRX Energy Market Low-Cost Energy TRON Energy Purchase Energy Pool Agency Direct Source Energy Pool TRON Energy Agency Leasing Robot Energy Agency Cooperation TRX Energy Lease TRX Energy Leasing TRON Energy Rental TRX Exchange Robot TRON Energy Leasing Telegram TRX Energy Robot Source Code TG Telegram Energy Robot Setup tron energy rental trx energy rental Buy Tron Energy