Overview of plugin wallet security incidents: plagued by counterfeit software and phishing attacks, with fewer direct official vulnerabilities

BlockBeats news, December 26: This morning, Trust Wallet, the non-custodial crypto wallet with the largest user base, issued an official security alert confirming a security vulnerability in version 2.68 of its browser extension. On-chain detective ZachXBT disclosed that hundreds of Trust Wallet users have had their funds stolen, with losses amounting to at least $6 million. Trust Wallet has accumulated over 200 million downloads, has approximately 17 million monthly active users, and holds about 35% of the market share, so this security incident has a wide impact. A review of security incidents encountered by several mainstream browser extension wallets follows:

In November 2022, the Trust Wallet browser extension was also found to have a WebAssembly vulnerability, affecting only new wallet addresses created between November 14 and 23, 2022. This led to the theft of approximately $170,000 in funds. Trust Wallet identified the issue through its bug bounty program, fixed the vulnerability, and fully compensated the affected users.

In 2022, MetaMask experienced the “Demonic” vulnerability, affecting older versions prior to 10.11.3, where private keys could be exposed in browser memory, but no known large-scale fund losses occurred. From 2023 to 2025, the official MetaMask wallet extension operated securely, but was frequently affected by counterfeit extensions. A Chainalysis report indicated a surge in abnormal theft incidents among MetaMask users in 2025, primarily due to counterfeit malware and phishing, rather than the security of the extension wallet itself. MetaMask has been releasing monthly security reports, but as a popular Ethereum extension wallet, it remains a primary target for counterfeiting.

Phantom (the main Solana wallet extension) was also affected by the “Demonic” vulnerability in 2022, but similarly, no known large-scale fund losses occurred. In early 2025, a security controversy emerged around the Phantom wallet extension: a user lost $500,000, a loss attributed to Phantom storing private keys unencrypted in memory, which led to a hacker attack, and a class-action lawsuit was filed in the Southern District of New York. Phantom issued an official statement strongly denying all allegations, calling the lawsuit “baseless,” and emphasized that Phantom is a non-custodial wallet, with responsibility for fund security resting with the user.

In 2022, Rabby Wallet (a DeFi-friendly extension) suffered a hack in which approximately $200,000 in crypto assets was stolen through a Rabby Swap vulnerability. The flaw originated not in the extension itself but in the built-in Swap feature.

The most common method of theft against browser extension wallets is the counterfeit app download. Multiple such incidents were concentrated in the Firefox store in 2025, affecting mainstream crypto extension wallets such as MetaMask, Phantom, and Trust Wallet. In contrast, direct vulnerabilities in the official extensions are relatively rare. It is recommended that users download only from the official Chrome Web Store to ensure fund security.