How browser extensions expose crypto to a fatal design flaw the industry ignored, bleeding $713M in 2025

Trust Wallet’s Chrome extension shipped a malicious update in December, exfiltrating wallet data and draining roughly $7 million from hundreds of accounts before the company pushed a fix. The compromised version 2.68 was live for days, auto-updating in the background, the way browser extensions are designed to. Users who followed every standard self-custody rule, such […]