Trust Wallet’s Chrome browser extension has been taken offline following a bug that blocked the rollout of a critical update aimed at helping victims of a recent $7 million hack.
Quick Summary – TLDR:
- Trust Wallet’s Chrome extension was temporarily removed due to a bug in the Chrome Web Store.
- The update was supposed to include tools to verify and process reimbursements for victims of a major hack.
- Over 2,500 wallets were confirmed compromised, but Trust Wallet received around 5,000 reimbursement claims.
- Users are urged to avoid fake extensions and await the official release.
What Happened?
The Trust Wallet Chrome extension has been temporarily removed from the Chrome Web Store due to a technical bug encountered during the release of a new version. The update was crucial, as it included features meant to help victims of a recent $7 million breach submit verification codes to claim reimbursements. Google has acknowledged the issue and is working to resolve it.
Some may have noticed that the @trustwallet Browser Extension is temporarily unavailable on the Chrome Web Store. We hit a Chrome Web Store bug 😢 while releasing a new version that includes a feature to help reimbursement claimants submit verification codes from their extension…
— Eowync.eth (@EowynChen) December 31, 2025
Chrome Bug Interrupts Crucial Security Update
The extension’s removal comes at a critical time. Trust Wallet recently suffered a sophisticated supply chain attack, now identified as “Sha1-Hulud,” that targeted blockchain developers through compromised npm packages. This allowed attackers to steal development secrets, including the Chrome Web Store API key and source code for the extension.
Using these stolen credentials, the attacker was able to upload a malicious version of the Trust Wallet extension. The breach went undetected for a time and ultimately led to a loss of around $7 million in user funds on Christmas Day.
To mitigate the damage, Trust Wallet prepared a browser extension update to help users verify their identity and claim reimbursements. However, that update never reached users due to the Chrome Web Store bug.
Thousands of Claims Raise Red Flags
In a statement shared on X, Trust Wallet CEO Eowyn Chen said the company had verified 2,596 wallet addresses impacted by the attack. Surprisingly, the firm has already received approximately 5,000 reimbursement claims, signaling a wave of duplicate or false submissions. Chen noted:
The delayed update included a tool requiring users to submit a verification code, helping to filter out fake claims and confirm wallet ownership. Until the issue is resolved, the reimbursement process remains on hold.
Experts Suspect Insider Involvement
Several security experts, including Binance co-founder Changpeng Zhao (CZ) and blockchain adviser Anndy Lian, have publicly suggested that the hack may have involved an insider. Lian remarked, “This kind of ‘hack’ is not natural. The chances of an insider are high.”
Their suspicion stems from the attacker’s in-depth understanding of the codebase and internal development environment, raising concerns about Trust Wallet’s internal security protocols.
Users Warned to Avoid Fake Extensions
While the Chrome extension remains offline, Trust Wallet is urging users to stay vigilant. Multiple fraudulent versions of the extension may appear, attempting to exploit the current situation. Users should refrain from downloading any version of the extension until the official release is restored to the Chrome Web Store.
Trust Wallet continues to investigate the attack and is working to strengthen its internal security systems to prevent similar breaches in the future.
SQ Magazine Takeaway
Honestly, this whole situation highlights the fragile state of browser-based crypto tools. A single compromised npm package and an exposed API key turned into a $7 million loss. What’s more worrying is that the update meant to protect users and help them recover their funds got blocked too. I strongly recommend users double-check every extension they download and stay glued to Trust Wallet’s official channels for the real update. It’s not just about recovering funds now, it’s about trusting that this won’t happen again.
