Belief Pockets customers suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension model 2.68.0, launched on December 24, 2025.
The breach, which focused desktop customers completely, left a whole lot of wallets utterly drained inside hours of the malicious replace’s deployment.
Blockchain investigator ZachXBT initially flagged the incident on the social media platform X, noting a suspicious spike in unauthorized fund transfers from affected addresses instantly after person interactions with the compromised extension.
Victims started reporting the thefts on Christmas Eve, sharing screenshots displaying portfolios emptied of Ethereum, Bitcoin, Solana, and Binance Coin holdings.
One sufferer reported shedding $300,000 inside minutes after performing routine authorization by means of the extension, with stolen belongings redirected to a number of attacker-controlled addresses.
Safety agency PeckShield initially estimated losses at $6 million. Nevertheless, Belief Pockets later confirmed that roughly $7 million had been stolen throughout a whole lot of compromised wallets.
Safety researchers recognized malicious code embedded in a JavaScript file named 4482.js that masqueraded as legit PostHog analytics software program.
The obfuscated script activated when customers imported seed phrases, silently exfiltrating delicate pockets credentials and restoration phrases to api.metrics-trustwallet.com a fraudulent area registered mere days earlier than the assault and designed to imitate official Belief Pockets infrastructure.
The assault demonstrated subtle coordination, with risk actors concurrently launching phishing campaigns through domains equivalent to fix-trustwallet.com.
These fraudulent websites exploited person panic by providing faux “vulnerability fixes” that prompted customers to enter their seed phrases, enabling immediate pockets drainage.
Belief Pockets acknowledged the safety breach on December 25 through X, confirming the compromise affected solely model 2.68.0.
The corporate instructed customers to right away flip off the extension and replace to model 2.69.
Belief Pockets pledged full refunds to victims and warned customers towards responding to unofficial direct messages claiming to supply assist.
Binance co-founder Changpeng Zhao instructed potential insider involvement within the breach, elevating questions on inner safety controls.
The incident highlights crucial supply-chain vulnerabilities in cryptocurrency extensions, the place automated updates can bypass person verification.
Cybersecurity consultants advocate that affected customers create new wallets and punctiliously confirm all future extension updates.
Observe us on Google Information, LinkedIn, and X to Get Immediate Updates and Set GBH as a Most well-liked Supply in Google.
![[Webinar] Eradicate Ghost Identities Earlier than They Expose Your Enterprise Information](https://blog.aimactgrow.com/wp-content/uploads/2026/04/ghost-120x86.jpg)
