Plugin Wallet Security Incident Overview: Plagued by Fake Software and Phishing Attacks, Fewer Direct Official Vulnerabilities
BlockBeats News, December 26: This morning, Trust Wallet, the largest non-custodial cryptocurrency wallet by user base, issued a security alert confirming a security vulnerability in browser extension version 2.68. On-chain detective ZachXBT revealed that hundreds of Trust Wallet users have had their funds stolen, with losses totaling at least $6 million. Trust Wallet has been downloaded over 2 billion times, with approximately 17 million monthly active users, holding about 35% market share, making this security incident far-reaching. A look back at security incidents encountered by several mainstream browser extensions:
In November 2022, Trust Wallet's browser extension was found to have a WebAssembly vulnerability, affecting only new wallet addresses created between November 14 and 23, 2022. Approximately $170,000 was stolen. Trust Wallet discovered the issue through a bug bounty program, fixed the vulnerability, and fully compensated affected users.
In 2022, MetaMask experienced the "Demonic" vulnerability, impacting older versions before 10.11.3, where private keys could be exposed in the browser's memory. However, no significant fund losses were reported. Subsequently, from 2023 to 2025, MetaMask's official wallet extension operated securely but was frequently targeted by counterfeit extension programs. A Chainalysis report indicated a surge in MetaMask user abnormal theft events in 2025, mainly due to counterfeit malicious software and phishing rather than inherent plugin wallet security. MetaMask now releases monthly security reports, but as a popular Ethereum plugin wallet, it remains a prime target for counterfeiting.
In 2022, Phantom (the primary Solana wallet extension) also faced the "Demonic" vulnerability, with no known significant fund losses. Early 2025 saw a security controversy involving the Phantom wallet extension, where a user lost $500,000 due to private keys being in clear text in memory, leading to a hacker attack and resulting in a class-action lawsuit filed in a southern district court of New York. Phantom's official statement strongly denied all allegations, stating that the lawsuit was "baseless" and emphasizing that Phantom is a non-custodial wallet, placing the responsibility for fund security on the user.
In 2022, Rabby Wallet (a DeFi-friendly extension) suffered a hack where approximately $200,000 in encrypted assets were stolen due to a Rabby Swap vulnerability, which was not from the plugin itself but from the built-in Swap feature.
The most common theft method for browser extension wallets is through counterfeit application downloads. In 2025, there were multiple concentrated outbreaks of such incidents in the Firefox store, affecting several popular crypto extension wallets such as MetaMask, Phantom, and Trust Wallet. On the other hand, direct official vulnerabilities of the extensions are less common. It is recommended that users only download from the official Chrome Web Store to ensure the security of their funds.
You may also like
Perplexity Fine-Tuned a Chinese AI Model to Match Claude Opus 4.8 at One-Third the Cost
Bank of Korea defends bank-first stablecoin plan amid bill deadlock
JPMorgan says bitcoin's main risk isn't Strategy, but blockchain adoption that doesn't benefit public chains and tokens
Fear & Greed Index Today: What Extreme Fear Means for Crypto, Stocks and Gold
Labour MPs Push to Make UK Crypto Donation Ban Permanent
Supreme Court ruling expanding Trump's authority over federal agencies raises questions for SEC, CFTC as crypto rulemaking advances
'Bottom building in progress': Analysts say bitcoin holder capitulation signals late-stage bear market
A Comprehensive Analysis: Starting from 1996, Who is Laying the Foundation for the Next Generation of Capital Markets
Luke Dashjr, the Biggest Anti-Spammer of Bitcoin, Inscribed Phrases on the Network in 2011
Whales bought 270,000 BTC while ETFs bled $7 billion. One side is wrong
The crypto IPO class of 2025-26 is down as much as 89%. Autopsy of a listing boom
Robinhood Chain Mining Guide: A Comprehensive Tutorial from Cross-Chain to Memecoin
BitGo CEO says single-digit percentages of bitcoin's supply are 'probably right' for large holders amid Strategy's sale
Beyond Private Keys: How to Safeguard the Security Boundaries of Web3 from Wallets, L2 to Supply Chains?
Vanguard Enters the Market, Opening a New Crypto Gateway for 50 Million Traditional Investors
Why the OUSD Alliance of 150 Companies Still Cannot Shake USDT and USDC?
Citigroup Analysis: Is There Still 47% Upside for Nvidia? Can Rubin and CPO Deliver?
WEEX API Fast Connect: Turn Every Sign-In Into a Live Trader in Under 10 Seconds
WEEX API Fast Connect is a one-click OAuth authorization system that lets your users link their WEEX account without ever touching an API key. Frictionless onboarding, faster conversions, higher retention — built for WEEX Broker partners.


