The Trust Wallet browser extension recently had a rather unsettling security incident: an official emergency notice was issued for version 2.68, recommending that users immediately disable it and upgrade to 2.69. The strange part is that many people never actively upgraded.



Here's what happened: if you installed version 2.67 and then restarted Chrome, the extension would automatically upgrade to 2.68. Once you performed any signing operation, your mnemonic phrase could potentially be leaked. This isn't a complex hacking method; it's a trap embedded within the update process.

The most troubling part is this—"security upgrades" should be the opposite of risk, but instead, they became an entry point for risk. Wallets aren't hacked because algorithms are cracked or through brute-force attacks; rather, something went wrong during software iteration. You use the wallet normally, sign a transaction as usual, and sensitive data that should never appear anywhere—seeds, mnemonic phrases, derived key materials—are exposed directly to attackers.

This incident is definitely a wake-up call. For Web3 users, every wallet version update requires extra caution.
NFTFreezervip
· 2025-12-29 18:25
Honestly, this is ridiculous. Automatic upgrades end up digging a hole for you.
LiquidityWitchvip
· 2025-12-29 15:11
This is outrageous. Automatic upgrades end up digging a hole for you. --- Trust Wallet's recent update is really dragging it down; upgrading has become the biggest risk. --- So now even wallet upgrades need to be cautious? Web3 really is a minefield step by step. --- Oh my, the mnemonic phrase was leaked directly. This isn't a security upgrade; it's like giving a gift to hackers. --- Automatic upgrade causing issues—who can handle this? --- Wait, did I also upgrade automatically that day? I need to check the version number quickly. --- Typical upgrade as a gift—truly incredible. --- No wonder people keep getting robbed; it turns out the risk is embedded in the upgrade process. --- Isn't this just opening a backdoor for hackers yourself? --- That 2.68 update was really outrageous, and the key point is it wasn't even an active upgrade.
SatoshiLeftOnReadvip
· 2025-12-27 21:17
This is outrageous, upgrading actually gets you stabbed in the back. Security upgrade turns into a security vulnerability, unbelievable. Should I really uninstall Trust Wallet? I thought it was just a small bug, didn't expect to be exposed completely. These days, you can't even trust your wallet. Updating the chain link is a trap... the method is quite professional. Can mnemonic phrases be leaked? This is just playing around, isn't it? No wonder everyone in the group has been complaining about Trust lately. The upgrade itself has become the biggest risk point. Looks like I need to manually control the version, automatic updates are too disgusting. Better quickly check what version number is installed.
RektRecoveryvip
· 2025-12-26 18:55
lmao so the "security update" was the exploit all along... classic web3 moment. auto-update into a honeypot? that's not a bug, that's just darwinism with extra steps.
FOMOrektGuyvip
· 2025-12-26 18:55
Now this is crazy, the security update has become a backdoor instead, unbelievable
Layer2Observervip
· 2025-12-26 18:40
Automatically upgrading this design is ridiculous; it clearly wasn't thought through. --- From a source code perspective, this kind of vulnerability is actually due to poor permission management—quite basic. --- Wait, mnemonic phrases are exposed directly in memory? Isn't that a fundamental violation of key management standards? --- Honestly, the update mechanism should have a confirmation popup; it's shocking that a major project like this defaults to force installation. --- It seems that the security audit process for Web3 wallets really needs to be re-evaluated. --- Is version 2.68 still running in the wild environment? Does the official have any data? --- On the other hand, why weren't these issues caught during testing... what's going on with the code review process? --- Damn, trust is already fragile, and now it's even more heartbreaking. --- I need to clarify one thing: does this mean that a single signature operation can fully expose the mnemonic, or is it just a risk exposure? Further verification is needed. --- Wallet iteration should have strengthened trust, but instead it became a breach of trust—definitely worth reviewing.
DisillusiionOraclevip
· 2025-12-26 18:31
Oh my, automatic upgrades are like setting traps? That's even more outrageous than being attacked. --- Trust level drops to zero directly, upgrading becomes a backdoor entry ticket. --- It's ridiculous, just signing a transaction with a mnemonic phrase and it's gone—who would think of that? --- It's the auto-update again causing trouble. Now I see browser prompts, I want to uninstall. --- Trust Wallet? More like Trust Trap, huh? --- So now even upgrades have to be handled as cautiously as guarding against thieves. --- How bad must their iteration process be to leak the mnemonic phrase? --- The most painful betrayal is from tools you trust. --- The mnemonic phrase is exposed directly during signing? Where are the security teams? --- Embedding traps in the update process is basically actively opening a backdoor for hackers. --- It's more reliable to keep your cold wallet yourself. These browser extensions really...
DancingCandlesvip
· 2025-12-26 18:28
So upgrading actually means digging a hole, how absurd is that. Wallets must be monitored closely, no room for any carelessness. Revealing the seed phrase outright, this move is absolutely reckless. Automatic upgrades are the most dangerous, manual is more reliable. Updating actually leads to being exploited, Web3 is really exciting.