Trust Wallet Expedites Reimbursements for Binance Users Following $7M Extension Breach
Trust Wallet leverages Binance infrastructure to fast-track claims for victims of the v2.68 Chrome extension hack as TWT holds steady at $0.93.
Trust Wallet has initiated a fast-track reimbursement process for victims of its Christmas Eve Chrome extension hack, specifically prioritizing users who funded their compromised wallets via Binance. The move comes two weeks after a supply chain breach in version 2.68 drained approximately $7 million in user assets.
According to an official update, victims who previously transferred funds from a Binance account to their Trust Wallet before December 24, 2025, are eligible for accelerated identity verification. These users will receive instructions via their original support tickets to submit video verification, leveraging Binance’s existing KYC infrastructure to bypass the standard, lengthier manual review process.
The malicious extension v2.68 was NOT released through our internal manual process. Our current findings suggest it was most likely published externally through a leaked Chrome Web Store API key.
The "Shai-Hulud" Vector
The breach, identified as part of the broader “Shai-Hulud” supply chain campaign, exploited a critical lapse in key management. Attackers utilized a leaked Chrome Web Store (CWS) API key to upload a malicious version (v2.68) directly to the store, bypassing Trust Wallet’s internal code review protocols.
Once installed, the compromised extension used the open-source analytics library posthog-js to harvest mnemonic phrases and exfiltrate them to the attacker-controlled domain api.metrics-trustwallet.com. The attack window was brief but devastating, remaining active from December 24 until the release of the patched v2.69 on December 26.
Market Impact & Recovery
Despite the severity of the incident, Trust Wallet Token (TWT) has remained resilient. The token is trading at $0.93, down just 0.7% in the last 24 hours, suggesting the market has priced in the reimbursement guarantee backed by Binance. Losses totaled $7 million, primarily in Bitcoin and Ethereum, with $4 million already laundered through services like ChangeNOW and FixedFloat.
This incident underscores the fragility of Web3 supply chains, where a single leaked API credential can circumvent entire security departments. While the “SAFU” fund coverage has mitigated retail panic, the reliance on Binance for expedited claims highlights the centralized dependencies often lurking behind non-custodial tools.
