Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Trust Wallet Chrome extension mnemonic leak

Data Leak
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Trust Wallet's Google Chrome extension version 2.68 exposed decrypted mnemonic phrases to api.metrics-trustwallet[.]com, putting affected users' wallet seed data at risk. The leak mattered because those phrases could be used to drain wallets, and investigators tied the activity to about $7 million in losses and hundreds of victims. Users were told to update to version 2.69 as soon as possible.

Related Happenings

FakeWallet Apple App Store wallet-stealing apps

Malware Activity
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...

Open Happening

FakeWallet crypto wallet phishing campaign targeting users in China

Campaign
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...

Latest development: 24.04.2026 14:48

Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.

Open Happening

Trust Wallet hit by network compromise

Incident
First: 02.01.2026 16:19 Last: 02.01.2026 16:19 Sources 1

How related: According to details shared by SlowMist, version 2.68 introduced malicious code that's designed to iterate through all wallets stored in the extension and trigger a mnemonic phrase request for each wallet.

About this happening: **Trust Wallet** said its **Chrome extension** was likely compromised through the **second iteration of Shai-Hulud** in **November 2025**, exposing **GitHub secrets** and a **Chro...

Open Happening

Shai-Hulud Chrome extension trojanized backdoor with wallet mnemonic theft

Malware Activity
First: 31.12.2025 18:29 Last: 31.12.2025 18:29 Sources 1

About this happening: The **Shai-Hulud** supply-chain operation delivered a trojanized **Google Chrome extension** build with a backdoor that could steal **wallet mnemonic phrases**, creating a direct...

Open Happening

Trust Wallet seed-phrase phishing campaign using fix-trustwallet[.]com

Campaign
First: 26.12.2025 11:47 Last: 26.12.2025 11:47 Sources 1

About this happening: A **parallel phishing campaign** is exploiting the Trust Wallet panic, using **fix-trustwallet[.]com** and **X accounts** to push victims toward a fake fix and steal **wallet reco...

Open Happening

Timeline

  1. 26.12.2025 17:31 2 articles · 5mo ago

    Trust Wallet extension begins exfiltrating decrypted mnemonics

    Exploitation Observed

    Trust Wallet's Google Chrome extension version 2.68 began sending decrypted mnemonic phrases to api.metrics-trustwallet[.]com after wallet unlock, marking the start of the exposed data flow affecting browser-extension users.

    Show sources
    Open in new tab
  2. 26.12.2025 17:31 1 articles · 5mo ago

    Trust Wallet urges extension update to 2.69 and refunds affected users

    Mitigation Patch Update

    Trust Wallet urged users to update the Google Chrome extension to version 2.69, warned users to avoid messages outside official channels, said about $7M had been impacted, and promised refunds for affected users; investigators also said the incident had affected hundreds of victims.

    Show sources
    Open in new tab