Bitcoin 
Ethereum 
XRP 
Tether 
BNB 
Solana 
USDC 
Lido Staked Ether 
TRON 
Dogecoin 
Cardano 
Chainlink 
Wrapped stETH 
Wrapped Bitcoin 
Hyperliquid 
Wrapped Beacon ETH 
Stellar 
Sui 
Wrapped eETH 
Ethena USDe 
Bitcoin Cash 
Hedera 
Avalanche 
WETH 
LEO Token 
Litecoin 
Toncoin 
USDS 
Shiba Inu 
Binance Bridged USDT (BNB Smart Chain) 
WhiteBIT Coin 
Uniswap 
Polkadot 
Coinbase Wrapped BTC 
Ethena Staked USDe 
Bitget Token 
Monero 
Cronos 
Mantle 
Aave 
Pepe 
Dai 
Ethena 
Bittensor 
Ethereum Classic 
NEAR Protocol 
Aptos 
Ondo 
OKB 
Pi Network 
Jito Staked SOL 
Internet Computer 
Arbitrum 
Binance-Peg WETH 
BlackRock USD Institutional Digital Liquidity Fund 
Kaspa 
USD1 
POL (ex-MATIC) 
Algorand 
Gate 
Cosmos Hub 
VeChain 
Fasttoken 
Rocket Pool ETH 
Binance Staked SOL 
sUSDS 
Pudgy Penguins 
Render 
Jupiter Perpetuals Liquidity Provider Token 
Sei 
Kelp DAO Restaked ETH 
Official Trump 
Worldcoin 
Artificial Superintelligence Alliance 
Story 
BFUSD 
Flare 
Bonk 
Filecoin 
StakeWise Staked ETH 
KuCoin 
Lombard Staked BTC 
Liquid Staked ETH 
USDT0 
Jupiter 
XDC Network 
USDtb 
Sky 
Polygon Bridged USDT (Polygon) 
Falcon USD 
Injective 
Kinetiq Staked HYPE 
NEXO 
Provenance Blockchain 
Celestia 
Mantle Staked Ether 
Tether Gold 
Renzo Restaked ETH 
SPX6900 
Optimism 
First Digital USD 
PayPal USD 
Lido DAO 
Stacks 
Curve DAO 
Solv Protocol BTC 
Aerodrome Finance 
Wrapped BNB 
Jupiter Staked SOL 
Pump.fun 
Binance Bridged USDC (BNB Smart Chain) 
Immutable 
Saros 
Sonic 
FLOKI 
The Graph 
SyrupUSDC 
PAX Gold 
Arbitrum Bridged WBTC (Arbitrum One) 
Super OETH 
Conflux 
clBTC 
PancakeSwap 
Fartcoin 
Raydium 
Pendle 
Kaia 
Tezos 
Marinade Staked SOL 
dogwifhat 
L2 Standard Bridged WETH (Base) 
Ethereum Name Service 
cgETH Hashkey Cloud 
Vaulta 
Virtuals Protocol 
Theta Network 
IOTA 
MemeCore 
ether.fi Staked ETH 
JasmyCoin 
GALA 
AB 
OUSG 
Morpho 
Stables Labs USDX 
Ondo US Dollar Yield 
The Sandbox 
tBTC 
Pyth Network 
Ripple USD 
Arbitrum Bridged WETH (Arbitrum One) 
Stader ETHx 
BitTorrent 
Jito 
Zcash 
Mantle Restaked ETH 
Coinbase Wrapped Staked ETH 
Walrus 
Flow 
Vision 
Usual USD 
BUILDon 
Swell Ethereum 
Avalanche Bridged BTC (Avalanche) 
Binance-Peg Dogecoin 
Global Dollar 
Decentraland 
Bitcoin SV 
Beldex 
Starknet 
Helium 
Ether.fi 
dYdX 
Brett 
Reserve Rights 
TrueUSD 
Frax Ether 
Core 
ApeCoin 
Keeta 
USDD 
Polygon PoS Bridged WETH (Polygon POS) 
Telcoin 
APENFT 
Trip 
THORChain 
Maple Finance 
Solv Protocol Staked BTC 
Fluid 
Sun Token 
Arweave 
ZKsync 
NEO 
Savings Dai 
Compound 
Onyxcoin 
Polygon PoS Bridged DAI (Polygon POS) 
Mantle Bridged USDT (Mantle) 
Superstate Short Duration U.S. Government Securities Fund (USTB) 
EigenCloud (prev. EigenLayer) 
Last week, a Trust Wallet user suffered a sudden overnight loss of his funds, as detailed in a recent report shared with BeInCrypto. When he contacted the wallet to find out what had happened, they informed him that he had unknowingly granted permissions to malicious websites or applications.
Eve Lam, Chief Information Security Officer at Trust Wallet, said in an interview with BeInCrypto that most unauthorized cryptocurrency withdrawals originate from user issues. Dmytro Yasmanovych, Head of Compliance at Hacken, shared this perspective and provided guidance on steps users should take if they suspect their cryptocurrency wallet has been compromised.
An Overnight Loss
Last week, Matias, a crypto user from Chile, went to sleep without a care in the world. By the time he woke up, however, that all changed. According to details shared with BeInCrypto, when Matias accessed his Trust Wallet, he saw that his funds had been withdrawn from his account.
A situation like this had never happened to him in his five years using his mobile wallet. Matias soon noticed that at 8 a.m., a small amount of crypto had been deposited in his account. Shortly after that, his account was emptied.
Matias had no idea how such a thing could happen. After contacting Trust Wallet’s security team for an explanation, he learned that the problem originated from something he had done inadvertently.
“Based on our internal data and incident response investigations, the vast majority of unauthorized withdrawals are traced back to user-side issues,” Lam told BeInCrypto.
She explained many ways users can accidentally share sensitive information with malicious actors.
The Reality of User-Side Vulnerabilities
Trust Wallet’s analysis of its internal data and incident response investigations indicates that user-side issues cause most unauthorized cryptocurrency withdrawals.
These frequently involve leaked or compromised seed phrases, often resulting from social engineering tactics, insecure storage, and malicious smart contract approvals granted by users.
Device-level compromises and other incidents, like SIM swap attacks or theft of unlocked devices, also contribute to these unauthorized withdrawals.
“In all these cases, the Trust Wallet app itself is not breached—the issue stems from the external environment in which it’s being used or from actions taken prior to installation,” Lam detailed.
These exploitation methods are now among the most common attack techniques for stealing cryptocurrency from mobile wallets.
User Error vs. Wallet Hacks: Where Do Most Losses Occur?
While Hacken lacks specific internal data on evolving mobile wallet attack trends, Yasmanovych explained to BeInCrypto that fund losses enabled by user actions are increasingly evident in the cases the cybersecurity company investigates.
“What we’re seeing in our investigations and tooling points to a much broader issue: most large scale losses in crypto today are less about mobile malware and more about failures in signer workflows, interface security, and access control,” Yasmanovych outlined.
Signer workflows involve authorizing cryptocurrency transactions with private keys. If these keys are compromised, it enables direct, unauthorized transaction signing. Meanwhile, flawed user interfaces (UIs) in crypto wallets and dApps can mislead users into harmful transactions. Attack methods include address poisoning, where attackers create similar-looking addresses to intercept funds.
They also deploy spoofed or malicious dApps designed to steal credentials or induce harmful transaction signings. Additionally, UI redressing involves deceptive overlays that trick users into performing unintended actions.
Oftentimes, users also unknowingly authorize malicious smart contracts.
“That’s an important point—malicious approvals can exist before Trust Wallet is ever installed, especially if a user interacted with Web3 apps using other wallets or browsers,” Lam warned.
Once such a scenario occurs, it’s extremely hard to recover funds.
The Challenge of Fund Recovery
Given its status as a non-custodial wallet, Trust Wallet cannot reverse crypto transactions after a scam. Nevertheless, it assists users by performing on-chain analysis to trace stolen funds. It also provides detailed incident reports for law enforcement and sometimes collaborates with forensic firms.
Despite these efforts, the likelihood of recovering funds remains very low.
“Success depends heavily on early action. When funds reach CEXs and users promptly file [law enforcement] reports, there’s a non-zero chance of asset freezes. Across all scam-related cases, the recovery success rate is low, but when centralized endpoints are involved and law enforcement is engaged quickly, we’ve seen funds recovered, like a case we assisted in with ~$400k traced,” Lam told BeInCrypto.
As a result, user education remains the most effective way to prevent the issues that cause these losses.
Beyond Detection: What Preventative and Reactive Steps Are Crucial?
Trust Wallet has a built-in Security Scanner that flags real-time threats such as interactions with known scammer addresses, phishing sites, and suspicious approvals. But sometimes, these warning signs aren’t enough.
To safeguard cryptocurrency wallets, Yasmanovych advised that organizations and individuals should implement Cryptocurrency Security Standard (CCSS) controls for managing keys and ensuring operational security.
“Define clear actions for when a key is suspected compromised, including revocation, fund migration, and audit, require [Multi-factor authentication] for all access to wallet systems and key handling interfaces, use quorum-based access to prevent any single actor from compromising funds, [and] implement encrypted, geo-distributed backups with clearly defined restore procedures to ensure resilience without centralizing risk,” he explained.
Yasmanovych also stressed the importance of knowing what to do after these exploits happen.
“If you suspect your cryptocurrency wallet has been compromised, act immediately: Report the incident to law enforcement and engage crypto forensics professionals, track stolen funds using chain analysis tools to monitor movement and identify mixers or exchanges involved, [and] submit requests to exchanges with KYC data for frozen fund attempts,” he added.
Despite these measures, the reality remains that user-side vulnerabilities continue to lead to losses.
The Enduring Challenge of User Vulnerabilities in Mobile Wallets
Even with proactive security measures, the ongoing regularity of fund losses raises significant concern. The regularity of these events highlights the persistent challenge of user-end vulnerabilities when using mobile wallets.
The path to a safer Web3 inherently requires a balance between strong security protocols and proactive user preparedness. Consequently, a sustained commitment to user education and the widespread adoption of these protective measures remains vital for effectively reducing exploits and establishing a more secure environment across the industry.
