Key Highlights
- 27, 2025 at 10:37 am UTC
- Trust Wallet's Chrome extension shipped a malicious update in December, exfiltrating wallet data and draining roughly $7 million from hundreds of accounts before the company pushed a fix. The compromised version 2.68 was live for days, auto-updating in the background, the way browser extensions are designed to.
- Users who followed every standard self-custody rule, such as never sharing their seed phrase, checking URLs, and using reputable wallets, still lost funds. The attack targeted the browser layer, not the blockchain, and it exposed a persistent trade-off that the industry has spent years trying to ignore: browser-extension wallets are always-on hot wallets sitting in one of the most hostile environments in computing. This wasn't an isolated case.
- MetaMask's security team documented a fake Google Chrome extension called “Safery: Ethereum Wallet” that lived in the official Chrome Web Store from late September until mid-November, stealing seed phrases. Chainalysis estimates that crypto theft reached $3.4 billion in 2025, with personal wallet compromises accounting for 20% of that total, or $713 million.
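Because the compromised build arrived through background auto-update, a defender cannot rely on users remembering what they installed. The following is an added example, not code from the article or from Trust Wallet: it inventories a Chrome profile's unpacked extensions and flags any copy matching the affected version 2.68. The article gives no extension ID, so matching on the display-name substring is an assumption, and the profile built in `demo()` is constructed.

```python
import json
import tempfile
from pathlib import Path

AFFECTED_NAME = "trust wallet"  # assumption: substring of the extension's display name
AFFECTED_VERSION = "2.68"       # version named in the article

def display_name(ext_dir: Path, manifest: dict) -> str:
    """Resolve manifest 'name', following a __MSG_key__ reference into _locales."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are matched case-insensitively
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        for k, v in json.loads(path.read_text(encoding="utf-8-sig")).items():
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    except (OSError, ValueError, AttributeError):
        pass  # unreadable or malformed locale file: fall back to the raw name
    return name

def find_affected(profile_dir: Path) -> list:
    """Return (extension_id, name, version) for installed copies of the affected build."""
    hits = []
    # Chrome layout: <profile>/Extensions/<extension id>/<version>_<n>/manifest.json
    for manifest_path in sorted(profile_dir.glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            name = display_name(manifest_path.parent, manifest)
            version = str(manifest.get("version", ""))
        except (OSError, ValueError, AttributeError):
            continue  # skip unreadable or malformed manifests
        if AFFECTED_NAME not in name.lower():
            continue
        if version == AFFECTED_VERSION or version.startswith(AFFECTED_VERSION + "."):
            hits.append((manifest_path.parent.parent.name, name, version))
    return hits

def demo() -> list:
    """Scan a constructed profile holding one affected and one unaffected install."""
    root = Path(tempfile.mkdtemp())
    for ext_id, ver in (("a" * 32, "2.68.0"), ("b" * 32, "9.9.9")):  # constructed values
        d = root / "Extensions" / ext_id / f"{ver}_0"
        (d / "_locales" / "en").mkdir(parents=True)
        manifest = {"name": "__MSG_appName__", "version": ver, "default_locale": "en"}
        (d / "manifest.json").write_text(json.dumps(manifest))
        (d / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"appName": {"message": "Trust Wallet"}}))
    return find_affected(root)
```

Point `find_affected()` at a real profile directory to run the same check on a workstation; a name match is only a lead, since look-alike extensions can reuse a wallet's display name.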


