Cyberattack on Trust Wallet Exposes Security Gaps for Cryptocurrency-Friendly SMEs

$7 Million Cyberattack on Trust Wallet

The cyberattack on Trust Wallet, which occurred between December 24 and December 26, 2025, exposed major vulnerabilities for cryptocurrency-friendly small and medium-sized enterprises (SMEs). This incident highlighted the risks faced by SMEs even when attacks are directed at individual users, resulting in a significant loss of approximately $7 million and affecting 2,596 verified wallet addresses.

Key Points of the Incident

Trust Wallet promptly provided updates to users, recommending an upgrade to version 2.69 to eliminate the malicious code. However, the compensation process revealed gaps in user verification, complicating the handling of compensation claims. Additionally, the excessive use of hot wallets has been identified as a significant risk factor for SMEs.

Involvement in the Cryptocurrency Community

Although Trust Wallet promised reimbursements, the incident temporarily affected user trust in browser-based wallets. Experts emphasize that many users were not aware that browser extensions function as hot wallets, thereby exposing them to malware and supply chain threats. The attack has also sparked discussions about managing one's funds, highlighting hardware wallets as safer options.

Recurring Vulnerabilities for SMEs

SMEs often face risks related to supply chain attacks, over-reliance on hot wallets, and social engineering. It is essential for them to implement security measures, such as long-term storage of assets and two-factor authentication, to reduce exposure to these threats.