Trust Wallet Launches $7 Million Compensation Program for Hack Victims, Renewing Industry Security Concerns

Updated: 2025-12-29 09:05

December 29, 2025 — According to Gate market data, the price of Bitcoin hovered around $89,000 after a period of volatility. The price of Ethereum was approximately $3,000. At the same time, the cryptocurrency industry was focused on a sudden security incident and the resulting trust crisis.

The well-known crypto wallet Trust Wallet has officially launched a compensation process for victims affected by a hack targeting its browser extension. The incident resulted in losses of about $7 million and impacted thousands of users.

01 Incident Recap

On December 25, 2025, on-chain investigator ZachXBT was the first to sound the alarm, reporting that multiple Trust Wallet users had experienced unauthorized withdrawals from their wallets over the previous few hours. The timing was particularly notable—it occurred just after Trust Wallet released an update to its Chrome extension.

According to analysis by the SlowMist security team, the attacker was clearly very familiar with the extension’s source code. They injected malicious PostHog JS code to collect sensitive wallet information from users.

Even more concerning, the malicious code was not fully removed even after Trust Wallet released a patched version, leaving users exposed to ongoing risk.
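A release check of the kind this incident calls for, shown as an added example that is not Trust Wallet's or SlowMist's code: before an extension update ships, compare the new bundle with the previous one and flag any outbound host or PostHog initialization that was not there before. The file names, hosts, allowlist and the assumption that the analytics code is set up through posthog-js's `posthog.init(..., { api_host })` call are all hypothetical; the actual injected code is not shown on this page.

```javascript
// Added example: pre-release diff of an extension bundle. Heuristic string
// scan only; all file contents and hosts below are constructed samples.

// Collect every hostname that appears in an http(s) URL literal.
function hostsIn(files) {
  const hosts = new Set();
  for (const src of Object.values(files)) {
    for (const m of src.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
      hosts.add(m[1].toLowerCase());
    }
  }
  return hosts;
}

// Find posthog.init(token, { api_host: "https://..." }) calls and record
// which file they are in and where they send data.
function analyticsInits(files) {
  const re = /posthog\.init\s*\([^)]*?api_host\s*:\s*["'`]https?:\/\/([a-z0-9.-]+)/gi;
  const hits = [];
  for (const [file, src] of Object.entries(files)) {
    for (const m of src.matchAll(re)) hits.push({ file, host: m[1].toLowerCase() });
  }
  return hits;
}

// A release is held back if it talks to a host that is neither in the
// previous release nor allowlisted, or initializes analytics toward one.
function reviewRelease(oldFiles, newFiles, allowedHosts) {
  const before = hostsIn(oldFiles);
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const newHosts = [...hostsIn(newFiles)]
    .filter((h) => !before.has(h) && !allowed.has(h))
    .sort();
  const newInits = analyticsInits(newFiles).filter((i) => !allowed.has(i.host));
  return { newHosts, newInits, block: newHosts.length > 0 || newInits.length > 0 };
}

// Constructed sample: the new release adds a vendor file with an analytics
// init pointing at a host the previous release never contacted.
const oldRelease = { "background.js": 'fetch("https://rpc.wallet.example/v1");' };
const newRelease = {
  "background.js": 'fetch("https://rpc.wallet.example/v1");',
  "vendor.js": 'posthog.init("phc_PLACEHOLDER", { api_host: "https://metrics.collector.example" });',
};
const report = reviewRelease(oldRelease, newRelease, ["rpc.wallet.example"]);
console.log(JSON.stringify(report, null, 2));
```

A string scan like this misses obfuscated or dynamically built URLs, so it complements a reviewed, reproducible build rather than replacing one.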

The wallet team quickly confirmed the security incident and clarified that the issue only affected version 2.68 of the Trust Wallet browser extension. They urgently advised all users of this version to immediately disable it and upgrade to version 2.69. They also emphasized that users of the mobile app and all other browser extension versions were not affected.

02 Attack Vector and Scale of Losses

The sophistication of this attack drew significant attention from security experts. Rather than exploiting an external vulnerability, the attacker directly targeted Trust Wallet’s update mechanism.

According to monitoring data from PeckShieldAlert, the attacker transferred about $4 million in assets to major centralized exchanges. Roughly $3.3 million was sent to ChangeNOW, about $340,000 to FixedFloat, and approximately $447,000 to KuCoin.

On-chain analyst Specter further revealed that the total amount stolen from users was around $6.7 million. Notably, the vulnerability had already been exploited two days before ZachXBT made the public disclosure. The three wallets with the largest losses saw about $3.5 million, $1.4 million, and $747,000 stolen, respectively. The first two wallets had been dormant for one year and over two years before the attack.

Trust Wallet CEO Eowyn Chen stated that the attack occurred between December 24 and December 26, 2025. This incident has become one of the largest wallet-related security breaches of the year.

03 Compensation Challenges and Industry Response

Following the incident, Binance co-founder Changpeng Zhao publicly stated: "Trust Wallet will cover the losses; user funds are safe." While this commitment offered some reassurance to victims, the actual compensation process has proven to be far more complex.

Trust Wallet is currently facing around 5,000 compensation claims. A significant portion of these are duplicate or clearly fraudulent, creating major challenges for the verification process.

To address this, Trust Wallet is implementing multiple verification steps, cross-checking wallet ownership using various data points to identify legitimate victims.

Meanwhile, SlowMist Chief Information Security Officer 23pds offered urgent advice to users: "There are still ongoing thefts. If you’re using an affected version of Trust Wallet, disconnect from the internet first, then export your recovery phrase and move your assets. Otherwise, if you open the wallet online, your funds could be stolen."

04 Security Lessons and Industry Impact

The Trust Wallet incident comes at a pivotal time for the crypto industry as it seeks greater mainstream compliance. Many observers see 2025 as a "watershed year" for the institutionalization of cryptocurrencies, with regulatory frameworks like the US GENIUS Act and the EU’s MiCA regulations gradually taking effect.

Against this backdrop, security breaches stand out even more.

This incident exposed several critical vulnerabilities in crypto wallet security: browser extension update mechanisms can be exploited, code audits may be insufficient, and security response times need improvement. As the OneSafe editorial team noted, this attack "highlights the need for better security and verification processes across the industry."

It’s worth noting that although the number of compromised personal wallets surged from 64,000 last year to 158,000 this year, the proportion of stolen funds relative to the total dropped from 44% to 20%. This suggests that while attack frequency is rising, the industry’s overall defense capabilities and response mechanisms are improving.

For everyday users, this incident offers valuable lessons:

  • Be cautious with browser extension updates, especially for tools that manage assets
  • Always keep software up to date, but only download updates from official sources
  • Consider using hardware wallets for storing large sums
  • Regularly review wallet activity and set up transaction alerts

05 Current Market Conditions and Gate User Recommendations

The Trust Wallet incident occurred during a period of heightened volatility in the crypto market. As of December 29, 2025, Bitcoin’s price had fallen about 25% from its all-time high of $126,000 set in October. Data also shows that total liquidations across the market reached $127.63 million in the past 24 hours.

In such an environment, security incidents can have an outsized negative impact. For Gate users, this event is a timely opportunity to reassess their own asset security strategies.

Gate offers users a wealth of market data and risk management tools, including real-time liquidation heatmaps that help identify areas of market stress and potential reversal points. These tools are especially important during volatile periods, as large-scale liquidations of leveraged positions can accelerate price swings.

| Recent Performance of Major Crypto Assets | Price (USD) | Drawdown from All-Time High | Market Status |
|---|---|---|---|
| Bitcoin (BTC) | ~89,600 | ~25% | Consolidating at high levels |
| Ethereum (ETH) | ~3,000 | ~40% | Facing competitive challenges |

Note: The prices above are approximate values based on public data. For actual trades, please refer to real-time data on the Gate platform.

Market data shows that Bitcoin and Ethereum spot ETFs have seen sustained net inflows, serving as a "ballast" throughout the year. Meanwhile, the total market cap of stablecoins has historically surpassed $310 billion, with daily settlement volumes now rivaling traditional payment giants like Visa and PayPal. These developments indicate that despite short-term volatility and security challenges, the long-term fundamentals of the crypto industry continue to strengthen.

Outlook

As Trust Wallet processes compensation claims, a practical challenge has emerged: how to identify genuine victims among roughly 5,000 applications? Trust Wallet is addressing this by verifying wallet ownership through multiple data points.

The crypto industry’s security perimeter has expanded from protecting the "vault" itself to safeguarding every pathway leading to it. Browser extensions, API keys, signing processes, and even seemingly harmless third-party analytics code can all become entry points for attackers.

On platforms like Gate, asset custody is managed by professional teams using multiple layers of security. For those who choose self-custody, it’s crucial to exercise extra caution every time before clicking the "update" button.

The content herein does not constitute any offer, solicitation, or recommendation. You should always seek independent professional advice before making any investment decisions. Please note that Gate may restrict or prohibit the use of all or a portion of the Services from Restricted Locations. For more information, please read the User Agreement