Trust Wallet Flooded With Fake Claims After $7M Extension Hack

Trust Wallet’s attempt to reimburse users hit by its $7 million Chrome extension hack has run into a fresh bottleneck. CEO Eowyn Chen said in an X update that investigators have tied the breach to 2,596 compromised wallet addresses, yet the team has already received about 5,000 reimbursement claims, a gap that points to heavy duplication and outright fake submissions.([forklog.com])

Trust Wallet Token (TWT) traded near $0.86 on Monday, roughly flat on the day and close to the level it bounced to after recovering from lows around $0.77 when the exploit first hit the market in late December.([abmedia.io])

Verification phase hits a wall

Chen described the current stage as a verification sprint that now matters as much as the original incident response. In her thread on X, she confirmed the 2,596 affected addresses figure and said the claims tally has almost doubled that count, which forces the team to treat every request as suspect until proven otherwise.([forklog.com])

“Because of this, accurate verification of wallet ownership is critical to ensure funds are returned to the right people.”([cointelegraph.com])

Chen said Trust Wallet now prioritizes accuracy over speed and that the team combines multiple data points to filter out fraudulent claims. That includes on-chain activity for the compromised extension version, telemetry tied to the v2.68 build, and the history of earlier support tickets that users filed when their funds were first drained.([cointelegraph.com])

For legitimate victims, the result is a slower route to reimbursement than many expected when Binance founder Changpeng Zhao posted that “$7m [was] affected by this hack” and that “TrustWallet will cover” the losses.([tradingview.com]) The public guarantee removed doubt about whether users would be made whole. It also created a rich target for opportunists who now try to insert themselves into the payout queue.

How the Chrome extension breach set this up

The claims surge traces back to a supply-chain-style compromise of Trust Wallet’s Chrome browser extension. A malicious version 2.68 of the extension hit the Chrome Web Store on December 24, with injected code that exfiltrated seed phrases and other wallet data to an attacker-controlled domain, then triggered automated drains across Bitcoin, Ethereum, Solana and BNB Smart Chain.([rescana.com])

Reports from security firms and Trust Wallet’s own posts indicate that the attack window ran until late on December 26, when the team pushed a fixed 2.69 release and publicly warned users to disable v2.68 and upgrade only through the official Chrome Web Store listing.([archive.ph]) Trust Wallet stressed that its mobile apps and other extension versions were not affected.

On December 26, the project confirmed in an X post that “approximately $7M has been impacted” and pledged to refund every affected user, while asking customers to ignore any outreach that did not originate from official channels.([archive.ph]) That commitment laid the groundwork for the reimbursement program that is now under strain.

Compensation portal becomes a new attack surface

Trust Wallet opened an official claims portal hosted on its support platform at trustwallet-support.freshdesk.com, where victims must submit their email, country, compromised wallet addresses, attacker addresses, transaction hashes and a fresh destination wallet for reimbursement.([villpress.com]) The depth of that data makes it harder for random scammers to fake a claim. It still allows anyone with partial knowledge of on-chain activity to attempt impersonation or spam the queue.

Chen’s update that claims now far exceed confirmed victim addresses suggests that this is exactly what happened. ForkLog reported that Trust Wallet has already flagged a high share of submissions as duplicates or outright fraudulent and that engineers are cross-matching claims against internal telemetry to avoid sending refunds to the wrong party.([forklog.com])
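The cross-matching described here and in the verification section can be pictured as a triage pass over submitted claims. This is an added sketch, not Trust Wallet's actual process: the field names, status labels and sample values are constructed, and lowercase normalisation assumes hex-style addresses.

```python
from collections import defaultdict

# Constructed sample data (not real addresses or Trust Wallet records).
CONFIRMED = {"0xaaa1", "0xbbb2", "0xccc3"}         # addresses tied to the breach
PRIOR_TICKETS = {("alice@example.com", "0xaaa1")}  # (email, address) from earlier tickets
CLAIMS = [
    {"id": 1, "email": "alice@example.com",   "compromised": "0xAAA1", "dest": "0xd1"},
    {"id": 2, "email": "Alice@example.com",   "compromised": "0xaaa1", "dest": "0xd1"},
    {"id": 3, "email": "mallory@example.com", "compromised": "0xaaa1", "dest": "0xd9"},
    {"id": 4, "email": "bob@example.com",     "compromised": "0xbbb2", "dest": "0xd2"},
    {"id": 5, "email": "eve@example.com",     "compromised": "0xeee5", "dest": "0xd5"},
]


def norm(value):
    """Case-fold and trim; only safe for hex addresses and emails."""
    return value.strip().lower()


def triage(claims, confirmed, prior_tickets):
    """Return {claim id: status}. Statuses route claims for review;
    none of them approves a payout on its own."""
    # First pass: which destination wallets compete for each confirmed address?
    dests = defaultdict(set)
    for c in claims:
        addr = norm(c["compromised"])
        if addr in confirmed:
            dests[addr].add(norm(c["dest"]))

    status, seen = {}, set()
    for c in claims:
        addr, email = norm(c["compromised"]), norm(c["email"])
        key = (addr, email, norm(c["dest"]))
        if addr not in confirmed:
            status[c["id"]] = "unknown_address"   # not among breach addresses
        elif key in seen:
            status[c["id"]] = "duplicate"         # same claim filed again
        elif (email, addr) in prior_tickets:
            status[c["id"]] = "corroborated"      # matches an earlier ticket
        elif len(dests[addr]) > 1:
            status[c["id"]] = "contested"         # rival payout destinations
        else:
            status[c["id"]] = "needs_evidence"    # plausible, but unproven
        seen.add(key)
    return status


if __name__ == "__main__":
    print(triage(CLAIMS, CONFIRMED, PRIOR_TICKETS))
```

Public on-chain data alone would let claim 3 pass as a victim; it is the independent signal (the earlier ticket) that separates it from claim 1.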

At the same time, external researchers and media reports have warned of cloned reimbursement pages and fake support accounts that try to harvest seed phrases from users who are already on edge after the hack, forcing Trust Wallet to repeatedly remind users that it will never ask for recovery phrases in the compensation flow.([bleepingcomputer.com])

Rising cost of cleaning up wallet breaches

The Trust Wallet episode lands in a year where targeted attacks on self-custody tools have gone from niche to routine. Chainalysis figures cited by multiple reports put total crypto theft in 2025 above $3.4 billion, with hundreds of thousands of individual wallet incidents and roughly $713 million tied specifically to personal wallet compromises.([xt.com])

For projects that choose to reimburse users after a failure like the v2.68 incident, that cleanup has a second layer of risk. Every public promise to “cover” losses now invites a parallel wave of fake claims, on top of phishing campaigns that copy official branding and point victims to lookalike portals. The more visible the commitment, the more attractive the bounty for attackers who never touched the compromised software at all.

Chen said the team is still running a broader forensic investigation into the extension compromise while it processes claims and that further details on the reimbursement schedule will follow once verification work progresses.([cointelegraph.com]) For affected users, the message is clear. Getting repaid now depends as much on proving ownership as on proving that a hack ever happened.

About the author

Mark Zimmerman, Technical Writer

Hi, I'm Mark. My journey into the blockchain industry began on the investment side, where I worked as a developer in charge of DeFi operations for a digital asset-focused firm, eventually becoming a partner. I transitioned from the financial side of crypto to the deep technical trenches as a Solidity developer, a central limit order book built on the Avalanche blockchain. That hands-on experience building decentralized applications gave me a rigorous understanding of the challenges developers face when working with distributed ledger technology. Currently, I work as a Technical Writer at CoinWatchDaily, where I focus on bridging the gap between complex low-level code and accessible developer education.
