Trust Wallet Restores Chrome Extension After Supply-Chain Breach

After weeks of disruption, Trust Wallet has quietly brought its Chrome browser extension back online, closing a chapter on a security incident that exposed how fragile browser-based crypto tools can be when supply chains are compromised.

The restored release is more than a routine update – it is central to the platform’s attempt to separate real victims from a wave of fraudulent claims following a multi-million-dollar exploit.

At the heart of the incident was a malicious browser extension that circulated over the Christmas period, draining roughly $8.5 million from users before being detected. Trust Wallet says its newly released version, 2.71.0, introduces a verification-code system that allows customer support to confirm wallet ownership directly through the extension – a response to the unusually high number of false reimbursement requests that followed the breach.

Eowyn Chen explained that the extension’s brief disappearance from the Chrome Web Store was caused by a platform-side issue encountered during deployment of the upgraded version. Google has since acknowledged the problem, and the extension has now been reinstated. Chen has urged users to remain cautious, warning that fake lookalike extensions often surface after high-profile wallet incidents.

A Supply-Chain Attack, Not a Simple Exploit

Unlike many wallet hacks that rely on phishing or compromised private keys, this attack targeted the software distribution process itself. Investigators believe the breach was linked to the so-called Sha1-Hulud incident – a November supply-chain compromise that affected the npm software registry and rippled across thousands of crypto-related repositories.

Attackers reportedly prepared their infrastructure weeks in advance before releasing a tampered Trust Wallet extension just before Christmas. Once live, the malicious code quietly siphoned funds from users who updated or installed the extension, affecting more than 2,500 wallet addresses across multiple networks. White-hat security researchers later attempted to disrupt the attackers’ servers to limit further damage once the exploit was uncovered.

Importantly, Trust Wallet maintains that only the browser extension was affected. Its mobile applications remained secure throughout the episode.

Reimbursements Meet Reality

While Trust Wallet – which operates independently but is owned by Binance – has committed to reimbursing all verified victims, the claims process quickly became a problem of its own. The company received more than double the number of claims compared with confirmed affected wallets, forcing it to introduce stricter verification measures.

The episode underscores a growing reality for crypto users: browser extensions remain one of the ecosystem’s weakest links. Even well-established wallets are vulnerable when attackers compromise the tools developers rely on. For Trust Wallet, restoring the extension is only part of the recovery – rebuilding confidence after a supply-chain failure may prove to be the harder task.

Looking for ideas? Read our full guide to the best meme coins to invest in this year.