Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Futures Kickoff
Get prepared for your futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to experience risk-free trading
Earn
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Community
Square
Discover value in crypto
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
More
Promotions
Diğerleri
TradFi
giveaways
Rewards Hub
Square
Latest
Hot
News
Profile
GateUser-83fc62advip

Trust Wallet browser extension recently exposed a rather unsettling security incident——the official issued an emergency notice for version 2.68, recommending users immediately disable and upgrade to 2.69. The strange part is that many people never actively upgraded.



Here's what happened: if you installed version 2.67 and then restarted Chrome, the extension would automatically upgrade to 2.68. Once you performed any signing operation, your mnemonic phrase could potentially be leaked. This isn't a complex hacking method; it's a trap embedded within the update process.

The most troubling part is this—"security upgrades" should be the opposite of risk, but instead, they became an entry point for risk. Wallets aren't hacked because algorithms are cracked or through brute-force attacks; rather, something went wrong during software iteration. You use the wallet normally, sign a transaction as usual, and sensitive data that should never appear anywhere—seeds, mnemonic phrases, derived key materials—are exposed directly to attackers.

This incident is definitely a wake-up call. For Web3 users, every wallet version update requires extra caution.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 8
  • Repost
  • Share
Comment
0/400
NFTFreezervip
· 2025-12-29 18:25
Honestly, this is ridiculous. Automatic upgrades end up digging a hole for you.
View OriginalReply0
LiquidityWitchvip
· 2025-12-29 15:11
This is outrageous. Automatic upgrades end up digging a hole for you. --- Trust Wallet's recent update is really dragging it down; upgrading has become the biggest risk. --- So now even wallet upgrades need to be cautious? Web3 really is a minefield step by step. --- Oh my, the mnemonic phrase was leaked directly. This isn't a security upgrade; it's like giving a gift to hackers. --- Automatic upgrade causing issues—who can handle this? --- Wait, did I also upgrade automatically that day? I need to check the version number quickly. --- Typical upgrade as a gift—truly incredible. --- No wonder people keep getting robbed; it turns out the risk is embedded in the upgrade process. --- Isn't this just opening a backdoor for hackers yourself? --- That 2.68 update was really outrageous, and the key point is it wasn't even an active upgrade.
View OriginalReply0
SatoshiLeftOnReadvip
· 2025-12-27 21:17
This is outrageous, upgrading actually gets you stabbed in the back Security upgrade turns into a security vulnerability, unbelievable Should I really uninstall Trust Wallet? I thought it was just a small bug, didn't expect to be exposed completely These days, you can't even trust your wallet Updating the chain link is a trap... the method is quite professional Can mnemonic phrases be leaked? This is just playing around, isn't it? No wonder everyone in the group has been complaining about Trust lately The upgrade itself has become the biggest risk point Looks like I need to manually control the version, automatic updates are too disgusting Better quickly check what version number is installed
View OriginalReply0
RektRecoveryvip
· 2025-12-26 18:55
lmao so the "security update" was the exploit all along... classic web3 moment. auto-update into a honeypot? that's not a bug, that's just darwinism with extra steps.
Reply0
FOMOrektGuyvip
· 2025-12-26 18:55
Now this is crazy, the security update has become a backdoor instead, unbelievable
View OriginalReply0
Layer2Observervip
· 2025-12-26 18:40
Automatically upgrading this design is ridiculous; it clearly wasn't thought through. --- From a source code perspective, this kind of vulnerability is actually due to poor permission management—quite basic. --- Wait, mnemonic phrases are exposed directly in memory? Isn't that a fundamental violation of key management standards? --- Honestly, the update mechanism should have a confirmation popup; it's shocking that a major project like this defaults to force installation. --- It seems that the security audit process for Web3 wallets really needs to be re-evaluated. --- Is version 2.68 still running in the wild environment? Does the official have any data? --- On the other hand, why weren't these issues caught during testing... what's going on with the code review process? --- Damn, trust is already fragile, and now it's even more heartbreaking. --- I need to clarify one thing: does this mean that a single signature operation can fully expose the mnemonic, or is it just a risk exposure? Further verification is needed. --- Wallet iteration should have strengthened trust, but instead it became a breach of trust—definitely worth reviewing.
View OriginalReply0
DisillusiionOraclevip
· 2025-12-26 18:31
Oh my, automatic upgrades are like setting traps? That's even more outrageous than being attacked. --- Trust level drops to zero directly, upgrading becomes a backdoor entry ticket. --- It's ridiculous, just signing a transaction with a mnemonic phrase and it's gone—who would think of that? --- It's the auto-update again causing trouble. Now I see browser prompts, I want to uninstall. --- Trust Wallet? More like Trust Trap, huh? --- So now even upgrades have to be handled as cautiously as guarding against thieves. --- How bad must their iteration process be to leak the mnemonic phrase? --- The most painful betrayal is from tools you trust. --- The mnemonic phrase is exposed directly during signing? Where are the security teams? --- Embedding traps in the update process is basically actively opening a backdoor for hackers. --- It's more reliable to keep your cold wallet yourself. These browser extensions really...
View OriginalReply0
DancingCandlesvip
· 2025-12-26 18:28
So upgrading actually means digging a hole, how absurd is that Wallets must be monitored closely, no room for any carelessness Revealing the seed phrase outright, this move is absolutely reckless Automatic upgrades are the most dangerous, manual is more reliable Updating actually leads to being exploited, Web3 is really exciting
View OriginalReply0

  • Pin

Sitemap