What happened
Trust Wallet has confirmed a security incident involving its Google Chrome browser extension (version 2.68): malicious code introduced into that release exfiltrated wallet mnemonic data and resulted in approximately $7 million in cryptocurrency losses. The code reportedly iterated through stored wallets and sent decrypted seed phrases to an attacker‑controlled server, enabling unauthorized transfers of assets including Bitcoin, Ethereum, and Solana. Trust Wallet has urged users of the affected version to disable it immediately and update to version 2.69. Updating removes the malicious code but does not undo the exposure: a seed phrase that has already been exfiltrated remains valid, so any wallet that was unlocked under version 2.68 should be treated as compromised and its funds moved to a freshly generated wallet.
Who is affected
The compromised Chrome extension version 2.68, used by an estimated one million users according to the Chrome Web Store listing, is the only affected component; mobile app users and other extension versions are not impacted. Victims include hundreds of desktop users whose wallets were drained after installing or updating to the malicious version.
Why CISOs should care
This incident underscores key enterprise risk vectors: a supply‑chain attack delivered through a browser extension, abuse of developer API keys to publish malicious code, and the potential for widespread compromise through a trusted distribution platform such as the Chrome Web Store. Threat actors increasingly target the trust relationships in the distribution chain (publisher credentials, update pipelines, store review) rather than bugs in the software itself, so even a widely used, well‑reviewed component can become the attack vector, and an auto‑updating extension can turn malicious on an endpoint without any user action. CISOs overseeing cloud, endpoint, or crypto‑native environments must treat extension ecosystems as part of their attack surface.
3 practical actions
- Audit and inventory browser extensions: Maintain an up‑to‑date inventory of sanctioned extensions (ID, name, installed version) per endpoint, and enforce it through endpoint management and browser enterprise policy (for Chrome, the extension allowlist/blocklist policies) so that unsanctioned installs are blocked rather than merely observed.
- Implement supply‑chain monitoring: Use automated tools and CI/CD checks to verify code provenance and detect releases that did not originate from the sanctioned pipeline; treat publishing API keys as high‑value credentials (minimal scope, short lifetime, rotation on any suspicion, and alerting on their use outside the release process).
- Educate and alert users: Issue targeted alerts to teams using crypto‑related tools, and provide guidance on verifying extension authenticity (publisher, ID, and installed version as shown in the browser's extension manager) and avoiding unofficial channels that may distribute malicious updates.
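The first action above, inventorying installed extensions and flagging the affected version, is the one that can be scripted and run across a fleet today. The script below is an added example written for this page; it is not Trust Wallet's code and not part of the original briefing. It walks a Chrome profile's Extensions directory (Chrome stores each installed extension as Extensions/<id>/<version>_<n>/manifest.json), resolves localized names from _locales/<default_locale>/messages.json, and flags any extension whose name and version match the affected release (2.68; a "2.68.0" manifest version is treated as the same release). The extension IDs used in the sample profile are constructed placeholders, not the real Trust Wallet ID, and the default profile paths are assumptions for unmanaged machines; on managed endpoints pass the profile directory explicitly.

```python
import json
import sys
import tempfile
from pathlib import Path
from typing import Dict, List

# Affected name/version pairs taken from the advisory: Trust Wallet 2.68 is
# the compromised release, 2.69 is the fix.
AFFECTED = {"Trust Wallet": "2.68"}


def _version_tuple(v: str) -> tuple:
    """'2.68.0' -> (2, 68, 0); non-numeric components count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def versions_equal(a: str, b: str) -> bool:
    """Numeric comparison with zero padding so '2.68' == '2.68.0'."""
    ta, tb = _version_tuple(a), _version_tuple(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) == tb + (0,) * (n - len(tb))


def _display_name(manifest: dict, ext_dir: Path) -> str:
    """Resolve '__MSG_key__' names via the extension's default locale file."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[len("__MSG_"):-2]
        locale = manifest.get("default_locale", "en")
        messages = ext_dir / "_locales" / locale / "messages.json"
        try:
            data = json.loads(messages.read_text(encoding="utf-8"))
            name = data.get(key, {}).get("message", name)
        except (OSError, ValueError):
            pass  # leave the placeholder; still inventoried by ID and version
    return name


def inventory_extensions(profile_dir) -> List[Dict[str, str]]:
    """One record per installed extension version under <profile>/Extensions."""
    records = []
    root = Path(profile_dir) / "Extensions"
    if not root.is_dir():
        return records
    for id_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            manifest_path = ver_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable manifest: skip rather than crash the sweep
            records.append({
                "id": id_dir.name,
                "name": _display_name(manifest, ver_dir),
                "version": manifest.get("version", ""),
                "path": str(manifest_path),
            })
    return records


def is_affected(name: str, version: str, affected=AFFECTED) -> bool:
    bad = affected.get(name)
    return bad is not None and versions_equal(version, bad)


def find_affected(profile_dir, affected=AFFECTED) -> List[Dict[str, str]]:
    return [r for r in inventory_extensions(profile_dir)
            if is_affected(r["name"], r["version"], affected)]


def build_sample_profile() -> str:
    """Constructed fixture (not real data): two extensions with localized
    names, one on the affected 2.68 release and one on the fixed 2.69."""
    root = Path(tempfile.mkdtemp())
    sample = [("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "2.68.0"),   # placeholder ID
              ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "2.69.0")]  # placeholder ID
    for ext_id, version in sample:
        ext_dir = root / "Extensions" / ext_id / f"{version}_0"
        (ext_dir / "_locales" / "en").mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps({
            "name": "__MSG_appName__", "default_locale": "en",
            "version": version, "manifest_version": 3}))
        (ext_dir / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"appName": {"message": "Trust Wallet"}}))
    return str(root)


def default_profile_dirs() -> List[Path]:
    """Assumed default Chrome profile locations for an unmanaged machine."""
    home = Path.home()
    candidates = [home / "AppData/Local/Google/Chrome/User Data/Default",
                  home / "Library/Application Support/Google/Chrome/Default",
                  home / ".config/google-chrome/Default"]
    return [p for p in candidates if p.is_dir()]


if __name__ == "__main__":
    dirs = [Path(a) for a in sys.argv[1:]] or default_profile_dirs()
    for d in dirs:
        for rec in inventory_extensions(d):
            flag = "AFFECTED" if is_affected(rec["name"], rec["version"]) else "ok"
            print(f"{flag:8} {rec['id']} {rec['name']} {rec['version']} {rec['path']}")
```

Run it with one or more profile directories as arguments (each Chrome profile has its own Extensions folder, so enumerate every profile under the user-data directory, not just Default). The inventory records carry the extension ID, which is what a browser enterprise blocklist keys on; the name/version match is only the triage signal for this incident, so verify the ID against the Chrome Web Store listing before blocking fleet-wide.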
