Within just a few hours, funds from hundreds of wallets were suspiciously transferred due to a vulnerability in the Trust Wallet Chrome extension, resulting in losses of at least $6 million. Attackers injected a PostHog JS script to collect user wallet information, and the patched version has yet to fully resolve this risk.
In 2025, Web3 security losses soared to approximately $3.35 billion, with attack incidents showing a trend of "fewer events but larger single-incident losses."
01 Incident Overview
Trust Wallet, a leading non-custodial crypto wallet with around 17 million monthly active users and roughly 35% market share, was widely impacted by this security breach.
After the attack, on-chain investigator ZachXBT detected and disclosed the incident. Hundreds of Trust Wallet users reported abnormal fund outflows from their wallet addresses within the past several hours.
What’s more concerning, security experts have pointed out that even upgrading to the patched version does not fully eliminate the risk, as the problematic PostHog JS script remains in the update.
02 Nature of the Vulnerability
A textbook case of a supply chain attack. According to SlowMist security experts, the core issue lies in attackers using technical means to implant malicious code into the extension. The attackers must have been highly familiar with the wallet’s extension source code to execute such an attack.
Long-standing security risks of plugin wallets. This is not Trust Wallet’s first security incident. Back in November 2022, its browser extension was found to have a WebAssembly vulnerability that led to the theft of about $170,000.
Limitations of official patches. While Trust Wallet released a patched version, security experts warn that risks persist. This highlights the complexity and delays often involved in patching plugin wallets.
03 Industry Security Landscape
Web3 security remains challenging this year. CertiK’s report shows that losses from hacks, scams, and vulnerabilities reached about $3.35 billion in 2025, up from $2.446 billion in 2024.
Attacks are trending toward "fewer but more severe" incidents. CertiK notes that if you exclude the massive Bybit incident (around $1.447 billion), the overall stolen funds are lower than last year, indicating a pattern of fewer attacks but larger losses per event.
Supply chain attacks are becoming mainstream. The 2025 report shows supply chain attacks caused the highest total losses, while phishing incidents were the most frequent.
04 Historical Vulnerabilities in Major Wallets
Plugin wallets have long been a weak link in the crypto ecosystem, with several major wallets experiencing security incidents. Here are a few notable cases from recent years:
MetaMask’s "Demonic" vulnerability: In 2022, MetaMask faced a vulnerability called "Demonic," affecting versions prior to 10.11.3, where private keys could be exposed in browser memory. Fortunately, there were no known large-scale fund losses.
Phantom’s security controversy: Early in 2025, the Phantom wallet extension was embroiled in a security dispute. One user lost $500,000, attributed to private keys being stored unencrypted in memory. This led to a class-action lawsuit filed in the Southern District of New York.
Rabby Wallet’s Swap vulnerability: In 2022, Rabby Wallet’s Swap feature had a vulnerability that allowed hackers to steal about $200,000 in crypto assets. Notably, this flaw originated from the built-in Swap function, not the extension itself.
05 Prevention Guidelines and Emergency Measures
As crypto security threats grow more complex, users need to take a series of steps to safeguard their assets.
Core preventive measures: First, disconnect from the internet and transfer your assets immediately. If you’re using a potentially vulnerable wallet version, make sure to go offline before exporting your mnemonic phrase and moving your funds.
Next, rigorously verify extension sources. Only download wallet extensions from the official Chrome Web Store and avoid using plugins from third-party sources.
Regular updates and secure backups. Keep all crypto-related software up to date, and store your mnemonic phrases offline in a secure location.
Platform security choices: For those seeking higher levels of security, storing and trading assets on reputable centralized exchanges is a wise choice. Platforms like Gate, which employ multiple security mechanisms and separate hot and cold wallets, offer users an extra layer of protection.
Mainstream exchanges such as Gate typically maintain security funds and enforce strict fund monitoring systems, playing a crucial role in protecting user assets.
06 Market Response and Gate’s Role
Market sentiment turns cautious. Due to security incidents and year-end liquidity factors, the crypto market has shifted toward caution. Data shows today’s Crypto Fear & Greed Index is at 20, indicating "Extreme Fear" in the market.
Major Cryptocurrency Market Performance
Below are the latest prices for major cryptocurrencies in public markets. Please note that real-time prices on Gate may differ; refer to official Gate data for specifics:
- Bitcoin (BTC): approximately $88,853.76, up 1.44% in 24 hours
- Ethereum (ETH): approximately $2,969.15, up 1.02% in 24 hours
- Solana (SOL): approximately $122.81, up 0.33% in 24 hours
- Ripple (XRP): approximately $1.86, down 0.24% in 24 hours
- Dogecoin (DOGE): approximately $0.1255, down 2.29% in 24 hours
It’s worth noting that the Trust Wallet security incident underscores the importance of transacting on platforms like Gate, which enforce robust security measures.
The industry is moving toward greater maturity. The 2025 security report shows that while total losses have increased, the DeFi sector is demonstrating signs of improved security maturity.
This suggests that as security measures continue to improve and user awareness grows, the entire crypto ecosystem is becoming more resilient and trustworthy.
Outlook
In the crypto market, the meme coin WhiteWhale hit a record market cap on Solana, surging 33.82% in 24 hours and surpassing $18 million. This speculative frenzy stands in sharp contrast to the challenging security landscape.
Following the Trust Wallet vulnerability, more users are migrating to mainstream platforms that prioritize security. As SlowMist security experts emphasize, users should disconnect from the internet before transferring assets, reflecting the high level of responsibility required in personal asset management.