In a major security breach shaking the crypto community, popular non-custodial wallet Trust Walletconfirmed that hackers exploited a critical vulnerability in its browser extension, draining roughly $7 million worth of digital assets from hundreds of users across multiple blockchain networks.
The incident, linked to version 2.68 of the Trust Wallet extension, saw unauthorized transactions and the illicit transfer of funds, prompting urgent warnings for users to disable the compromised version and update to the patched release.
Reports reveal that all victims have one thing in common before the hack, they installed the Trust Wallet browser extension.
Register for Tekedia Mini-MBA edition 19 (Feb 9 – May 2, 2026): big discounts for early bird.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab: From Technical Design to Deployment (next edition begins Jan 24 2026).
In a tweet on X, the company wrote,
“We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69. Please note: Mobile-only users and all other browser extension versions are not impacted.”
Trust Wallet and its parent ecosystem have pledged to cover losses as users’ funds are SAFU. The team is still investigating how hackers were able to submit a new version.
The incident comes amid a surge in high-profile exploits and phishing campaigns. One of the defining features of 2025 has been the scale of high-profile exploits. While exploits targeted platforms, phishing campaigns targeted people, and in 2025, these attacks became more convincing and dangerous than ever.
Cybercriminals increasingly shifted away from generic scam emails toward highly targeted campaigns aimed at specific victims, including developers, traders, and high-net-worth crypto holders. Wallet-draining phishing links, fake airdrops, and malicious “security update” prompts flooded social media platforms like X, Telegram, and Discord.
Many of these scams tricked users into signing malicious transactions or approving unlimited token allowances, giving attackers direct access to their funds without ever needing private keys. Also, centralized exchanges, once considered safer than decentralized alternatives, became prime targets.
The most notable incident was the massive Bybit hack, which reportedly saw attackers drain over $1 billion worth of Ethereum in a single operation, making it one of the largest crypto thefts ever recorded.
Beyond Bybit, other exchanges and trading platforms also suffered losses ranging from tens to hundreds of millions of dollars, often through hot-wallet compromises and supply-chain attacks.
A Chainalysis report revealed that over $3.4 billion has been stolen in 2025, with the February Bybit compromise alone accounting for $1.5 billion of that total.
Stolen fund activity in the crypto ecosystem has long been characterized by outliers, with most hacks remaining relatively small while a handful result in enormous losses. However, Chainalysis notes that 2025 marks a significant escalation in this pattern. For the first time on record, the ratio between the largest single hack and the median loss across all incidents has exceeded the 1,000x threshold.
According to the report, this means that funds stolen in the largest attacks are now more than 1,000 times greater than those lost in a typical hack, surpassing even the extreme disparities observed during the 2021 bull market. These figures are calculated using the U.S. dollar value of assets at the time they were stolen, underscoring the real-time financial impact of these breaches.
Chainalysis further highlights that this widening gap has led to an unprecedented concentration of losses. In 2025, the top three hacks alone account for 69% of all service-related losses, fundamentally reshaping how annual theft totals are distributed. As a result, overall loss figures are increasingly driven by a small number of catastrophic events rather than a broad increase in smaller incidents.
Meanwhile, centralized services are experiencing increasingly large losses due to private key compromises. Despite their institutional resources and professional security teams, these platforms remain vulnerable because of this fundamental security challenge.
North Korea remains a dominant crypto threat actor, despite fewer confirmed incidents. In 2025, North Korean hackers stole at least $2.02 billion in cryptocurrency ($681 million more than in 2024), representing a 51% increase year-over-year.
The persistence of high theft volumes indicates that while some areas of crypto security may be improving, attackers continue to find success across multiple vectors.
Outlook
The Trust Wallet incident and the broader trends observed in 2025 point to a more dangerous and asymmetric security environment for the crypto industry. Losses are becoming increasingly concentrated in a small number of high-impact events, raising systemic risk across the ecosystem.
Looking ahead, wallet providers and exchanges will need to invest more heavily in code integrity, access controls, and internal review processes to prevent hacks.