Image: https://x.com/DegenerateNews/status/2004283308059083250/photo/1
Incident Background and Latest Disclosures
Recently, on-chain investigator ZachXBT issued a critical security alert through social media and blockchain monitoring tools, revealing a vulnerability in the Trust Wallet browser extension. This flaw enabled the unauthorized transfer and theft of crypto assets from hundreds of users in a short time frame. Preliminary monitoring estimates place the total stolen amount at no less than $6 million.
The news spread rapidly across the crypto community, drawing significant attention from both users and industry professionals. ZachXBT’s monitoring data shows that several wallet addresses experienced suspicious outflows simultaneously. These funds were routed to unknown addresses or intermediary accounts and subsequently moved again.
Analysis of Losses and Impacted User Scale
Recent tracking data indicates that several hundred victims have been identified, with losses spanning multiple blockchains and assets—including, but not limited to, ETH, BTC, and SOL. The irregularities were not isolated to a single chain but were distributed across many wallet addresses, highlighting the event’s substantial scale.
In his latest update, ZachXBT emphasized that the sheer number of affected wallets makes it difficult to verify losses for each address. However, the preliminary estimate already exceeds $6 million, and this figure may rise as additional victims report their losses.
Stolen Funds Flow and Attack Patterns
Current analysis of fund movements suggests these thefts are tied to the browser extension vulnerability, especially when users import private keys or seed phrases, exposing themselves to significant risk. Multiple victims reported that their funds were drained rapidly to unknown accounts, indicating attackers had immediate access.
On-chain data shows that the attacks were highly automated, with stolen funds quickly dispersed and transferred across chains. This pattern differs from traditional hacks and more closely resembles a supply chain exploitation targeting hot wallet extension vulnerabilities.
Trust Wallet Official Response and User Actions
Image: https://x.com/TrustWallet/status/2004316503701958786
Trust Wallet has issued a security alert confirming that version 2.68 of the browser extension contains a critical vulnerability. Users are advised to immediately disable this version and upgrade to 2.69 or higher to mitigate risk. The official statement also clarified that the mobile app and other extension versions are not affected by this vulnerability.
Impacted users should take the following steps:
- Immediately stop using the outdated extension and upgrade to the latest version \
- If funds remain in your wallet, transfer them promptly to a cold wallet or another secure solution \
- Report stolen assets through official support channels and retain all related on-chain evidence for investigation \
Security Lessons and Industry Impact
This incident highlights the ongoing challenge of balancing user experience and security in self-custody wallets. While browser extensions offer convenience, they also raise the risk of private key exposure and malicious activity. When users import mnemonic or seed phrases directly into extensions with vulnerabilities, assets can be drained within minutes.
Industry security experts recommend that users prioritize private key management, use hardware wallets or thoroughly audited security solutions, and avoid entering seed phrases into unverified clients or extensions. This event may also prompt wallet developers to enhance supply chain security assessments and code audits, strengthening overall ecosystem defenses.
Summary
ZachXBT’s latest disclosure of the Trust Wallet browser extension vulnerability underscores the critical need for crypto users to prioritize wallet security and remain vigilant about extension risks. In this incident, hundreds of users lost at least $6 million, prompting the community to re-examine self-custody wallet security. Users should act quickly to implement security measures, monitor official updates, and adopt safer asset management strategies to prevent similar incidents in the future.
