In a December 26 security advisory, Trust Wallet confirmed a security vulnerability in its browser extension (v2.68). On-chain researcher ZachXBT estimates hundreds of users impacted and losses exceeding $6 million, underscoring persistent risk in leading extensions.

Historical incidents illustrate a persistent risk environment. Trust Wallet suffered a WebAssembly flaw in 2022 affecting new addresses, with roughly $170k stolen. MetaMask encountered a Demonic memory exposure; phishing and counterfeit extensions have since increased.

To protect funds, download only from the official Chrome Web Store, verify extensions before installation, and consider hardware wallets. Routine permission reviews and up-to-date software reduce exposure to counterfeit apps and phishing schemes.