kommunitas logo
BlogNews

Kommunitas Security Advisory: Safe Trust Wallet Usage Post-Incident

Kommunitas Security Advisory: Safe Trust Wallet Usage Post-Incident

Kommunitas Security Advisory: Safe Trust Wallet Usage Post-Incident

News January 15, 2026

By Priyo Harjiyono

The recent malicious code injection into a specific version of the Trust Wallet browser extension (v2.68) was published on the Chrome Web Store, reportedly due to a leaked API key. This malicious code was designed to:

  • Iterate through and steal the seed phrases (recovery phrases) of users who had the extension installed and unlocked it during the vulnerability window.

  • The stolen phrases were then sent to an attacker-controlled server, allowing the hackers to drain the crypto funds.

The issue was widely reported on and around December 26, 2025, following reports of funds being drained starting on December 25th. Only the Trust Wallet Chrome Browser Extension, version 2.68, was affected. Mobile app users were NOT impacted. Approximately $7 million in various cryptocurrencies (including Bitcoin, Ethereum, and Solana) was reported as lost from hundreds of victims.

We urge all Kommunitas users to review and implement the following security measures immediately.

1. Actionable Steps for Trust Wallet Extension Users

If you use the Trust Wallet Chrome Extension, follow these steps in order:

  • 1. Verify & Update Immediately

    • Check your version: Ensure you have disabled or removed the compromised version v2.68.

    • Update: Only use the latest, patched version (currently v2.69 or higher) downloaded only from the official Google Chrome Web Store listing.

    • Never trust links: Do not click on update links from unsolicited emails, Telegram DMs, or social media posts.

  • 2. Prioritize Seed Phrase Rotation (Critical)

    • If you created, imported, or accessed your wallet (by entering your password) on the compromised extension version (v2.68) between December 24-26, assume your Seed Phrase is compromised.

    • ACTION: Immediately create a Brand New Wallet (using a completely new, secure Seed Phrase) and transfer all your assets from the old wallet to the new one, Read also How to add money to new Trust Wallet. Your old wallet is no longer safe for holding funds.

  • 3. Claim Compensation (If Affected)

    • Trust Wallet has committed to fully compensating all verified losses from the v2.68 extension incident (up to approximately $7 million).

    • ACTION: Follow the instructions on Trust Wallet's official support channels (and only their official channels) to submit your claim form and provide necessary transaction details. Be wary of fake compensation forms.

2. Best Practices for Long-Term Security

The following habits are essential for all crypto users, regardless of which wallet you use for Kommunitas IKOs:

Hardware Wallet (Cold Storage) Integration

  • Move Your Vault: For funds you are not actively using (such as large allocation amounts, long-term holdings, or assets not needed for immediate staking/swapping), transfer them to a Hardware Wallet (e.g., Ledger or Trezor).

  • Connect Safely: Trust Wallet's extension supports connecting to a hardware wallet, which ensures your private keys never leave the offline device, providing the highest level of security for transactions.

Token Approvals Management

  • Limit Risk: Every time you interact with a new dApp (like a staking or farming platform), you grant a Token Approval allowing the smart contract to spend your tokens.

  • ACTION: Regularly check and Revoke unused or unlimited token approvals using tools like Approved.zone, Debank, or BscScan/Etherscan's Token Approval Checker. This minimizes the damage if a dApp or your wallet connection is compromised.

Separate Your Wallets

  • The "Burner" Wallet: Use one wallet (the "burner") for new, untested dApps, connecting to public sites, and social experiments. Keep only small amounts of expendable funds here.

  • The "Vault" Wallet: Use a separate, highly-secured wallet (preferably hardware-backed) only for storing your primary holdings and the funds needed for high-value activities like Kommunitas IKO participation and staking. Never connect this vault wallet to suspicious or unverified sites.

Kommunitas Reminder: We host our token offerings on a secure smart contract platform. Your funds are only at risk if the wallet you use to connect (like a compromised browser extension) exposes your private keys. Always stay updated, stay vigilant, and never share your 12- or 24-word Seed Phrase.

Share This Article

This link will open in a new window