ZachXBT flags suspected Trust Wallet extension issue as users report drained funds

Security concerns have emerged around the Trust Wallet browser extension on 25 December, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update, prompting warnings from developers and security-focused accounts.

According to posts circulating on X, the issue may stem from a suspected supply-chain compromise introduced in a 24 December browser extension update. 

Newly added code within the extension could silently exfiltrate sensitive wallet data when users import a seed phrase. The claims suggest that this has led to immediate wallet draining.

Alleged Trust Wallet malicious code and data exfiltration claims

Developers examining the extension allege that a JavaScript file added in the update contains logic disguised as analytics. 

The code is said to activate specifically when a seed phrase is imported. It then silently transmits wallet-related data to an external domain designed to resemble official Trust Wallet infrastructure.

The domain referenced in the reports was reportedly registered only days ago and has since gone offline. 

Researchers argue that its recent creation and the timing of the extension update raise concerns about a coordinated supply-chain attack rather than user-side phishing.

Users report wallet drains following seed imports

Multiple users have reported wallets being drained shortly after importing seed phrases into the Trust Wallet browser extension. 

Publicly shared estimates suggest that more than $2 million may have been lost. Although these figures have not been independently verified.

Analysts indicate that funds were routed through multiple addresses, a pattern more commonly associated with automated exploitation than isolated user error.

Scope appears limited to browser extension

At this stage, there is no indication that Trust Wallet’s mobile applications are affected. 

The warnings circulating online are focused specifically on the browser extension. This is where update mechanisms and third-party dependencies present higher supply-chain risk.

Users are advised not to import seed phrases into the Trust Wallet browser extension until further clarification is provided.

No official response from Trust Wallet yet

As of the time of writing, Trust Wallet has not issued any public response, clarification, or security advisory addressing the allegations. 

There has been no confirmation or denial of the claims, nor any announcement of an extension, rollback, or emergency patch.

Investigation ongoing

Researchers have emphasized that the situation remains under active investigation. Conclusions should not be drawn until the extension code and related on-chain activity have been fully reviewed.

If confirmed, the incident would represent a serious supply-chain compromise.

This is a class of attack that differs significantly from phishing or user-side mistakes. Also, it has historically resulted in rapid, large-scale losses across the crypto ecosystem.

Final Thoughts

• The allegations point to a potentially serious supply-chain risk affecting wallet extensions, underscoring how code updates can become a critical attack vector if compromised.
• With no response yet from Trust Wallet, users and researchers are left relying on independent investigation as scrutiny around the incident continues.