Trust Wallet has entered a verification phase following a security breach involving its browser extension on Christmas Day. The incident affected desktop users and led to losses of about $7 million. Binance co-founder Changpeng Zhao said the losses will be fully covered.
Jamie Elkaleh, chief marketing officer at Bitget Wallet, said the incident highlights a “structural tension” in self-custodial wallet security. He said that while users control their private keys, “critical dependencies, such as centralized app store distribution and software updates, remain potential points of failure.”
Elkaleh added that a “compromised update mechanism can still expose large user bases to risk,” even without direct access to private keys.
Verification Begins as Claims Outpace Wallets
Today (Monday), Trust Wallet CEO Eowyn Chen said the company had identified 2,596 wallet addresses connected to the compromised extension.
At the same time, it received close to 5,000 reimbursement claims, suggesting that a portion may be false or duplicated. Chen wrote that “accurate verification of wallet ownership is critical to ensure funds are returned to the right people.”
She added that the team is “working diligently to verify claims,” using multiple data points to separate legitimate victims from malicious actors.
The update marks a shift in the response. The focus has moved from estimating losses to managing the operational challenge of compensation while limiting abuse. Chen said the company is prioritizing accuracy over speed and plans to share further details as the investigation continues.
Industry Calls for Verifiable Wallet Software
According to Elkaleh, addressing this gap will likely require “more verifiable and resilient software delivery models,” including reproducible builds and stronger integrity checks. He also pointed to the need for “reduced reliance on centralized distribution channels,” alongside techniques that can limit the impact of interface-level compromises.
Over time, he said improving alignment between off-chain software delivery and on-chain security principles will be key to building trust in self-custodial systems.
Attack Shows “Source Code Familiarity”
Cybersecurity firm SlowMist reported that the malicious extension also exported users’ personal information. Its co-founder Yu Xian said the attacker “appeared to have prepared the exploit weeks in advance and showed deep familiarity with the source code.”
Onchain investigator ZachXBT earlier estimated that hundreds of users were affected. Some industry observers said the ability to submit a malicious extension update suggested access beyond a typical external attack, according to Cointelegraph.
Trust Wallet has confirmed the breach but has not confirmed any insider involvement. Chen said a broader forensic investigation is underway. She wrote that “this process is ongoing today,” and that while some data is still being finalized, the team already has “strong working hypotheses for a portion of the cases.”