Trust Wallet Moves to Verification Phase After Christmas Day Browser Extension Hack

Quick Breakdown 

• Trust Wallet confirmed 2,596 affected wallets, but received nearly 5,000 reimbursement claims.
• The Christmas Day browser extension hack led to about $7M in losses, which will be fully covered.
• A forensic investigation is ongoing amid concerns of possible insider involvement.

 

Trust Wallet says it has entered a verification stage in its response to the Christmas Day exploit that hit its browser extension, after discovering a significant gap between the number of confirmed affected wallets and the reimbursement claims received.

2/ We’re prioritising accuracy over speed to protect affected users, and we aim to share further work-in-progress details as soon as we can, likely tomorrow.

So far, we’ve identified 2,596 affected wallet addresses. From this group, we’ve received around 5,000 claims which…

— Eowync.eth (@EowynChen) December 28, 2025

The wallet provider confirmed it identified 2,596 compromised wallet addresses, but has received nearly 5,000 reimbursement requests, raising concerns about false or duplicate claims.

Verification takes priority over speed

In a statement shared on Monday, Trust Wallet CEO Eowyn Chen said the company is now focused on verifying wallet ownership to ensure compensation goes to legitimate victims.

“

Accurate verification of wallet ownership is critical to ensure funds are returned to the right people

,”

Chen said, adding that the team is cross-checking multiple data points to filter out malicious or invalid claims.

Chen noted that while the company understands the urgency for users, it is prioritising accuracy over speed to prevent further abuse of the compensation process. Additional updates will be shared as verification continues.

$7M losses covered after extension compromise

Trust Wallet previously

on December 26 that its browser extension was compromised in a targeted attack affecting desktop users, leading to approximately $7 million in losses.

Binance co-founder Changpeng Zhao, whose exchange owns Trust Wallet,

all losses would be fully reimbursed.

Cybersecurity firm SlowMist later

that the malicious extension not only drained funds but also exported users’ personal information, intensifying concerns around the nature of the attack.

Insider concerns and ongoing forensic probe

SlowMist co-founder Yu Xian

the attacker appeared to have planned the exploit for weeks and demonstrated deep familiarity with Trust Wallet’s source code.

Onchain investigator ZachXBT earlier

that hundreds of users were impacted. At the same time, some industry observers suggested the ability to push a malicious extension update could indicate access beyond a typical external breach.

Trust Wallet has not confirmed whether insiders were involved. Chen said the company is conducting a broader forensic investigation and has already formed “strong working hypotheses” for several cases, though some data is still being finalised.

Meanwhile, MoonPay entered into a multi-year strategic partnership with Trust Wallet, making it the default provider for the wallet’s “Buy Crypto” feature over the next two years, starting with customers in the United States.