The December 2025 hack of Trust Wallet resulted in a theft of approximately $7 million, impacting 2,596 verified wallet addresses. Attackers exploited vulnerabilities in the Chrome browser extension, targeting users of version 2.68 between December 24 and 26. This incident highlights the significant risks that crypto-friendly small and medium enterprises (SMEs) face due to inadequate verification processes and reliance on hot wallets.
Following the attack, nearly 5,000 users submitted reimbursement claims, revealing the operational challenges that arose during the compensation process. The situation demonstrated how gaps in user verification can complicate recovery efforts and strain resources for companies like Trust Wallet, which primarily serves individual users but also has implications for fintech firms and decentralized autonomous organizations (DAOs).
The Trust Wallet incident underscores the necessity for SMEs involved in cryptocurrency to enhance their security measures. Vulnerabilities such as compromised browser extensions and stolen API keys can lead to significant financial losses, emphasizing the need for robust internal controls to mitigate these risks.