BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Trust Wallet Chrome Extension Breach Drains $8.5M from Users

Leaked GitHub secrets let attackers push a trojanized Trust Wallet Chrome extension (linked to Shai‑Hulud 3.0), draining ~$8.5M from ~2,520 wallets; Trust Wallet opens reimbursement claims and tightens release controls.

  • Trust Wallet extension was compromised after developer GitHub secrets leaked, enabling malicious uploads to the Chrome Web Store.
  • The attacker deployed a trojanized extension that harvested wallet mnemonic phrases, draining about $8.5 million from 2,520 addresses.
  • The breach ties to the Shai-Hulud supply chain campaign; a new Shai-Hulud 3.0 variant has appeared with improved obfuscation.
  • Trust Wallet opened a reimbursement claim process and added monitoring and release controls.

Trust Wallet reported that a supply chain intrusion linked to the Shai-Hulud campaign led to a compromise of its Google Chrome extension. The company said the incident traces back to leaked developer GitHub secrets that exposed the extension source and a Chrome Web Store API key (post-mortem said).

- Advertisement -

“Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key,” the company said. The attacker used the leaked key to obtain full CWS API access and upload builds without Trust Wallet’s normal approval process.

The actor registered the domain “metrics-trustwallet[.]com” and pushed a trojanized extension to a subdomain. The malicious build contained a backdoor that collected users’ wallet mnemonic phrases. (Definition: a mnemonic phrase is a sequence of words used to recover a cryptocurrency wallet.)

The malicious update was pushed on December 24, 2025, and the first wallet-draining activity was reported the next day. About $8.5 million was stolen from roughly 2,520 wallet addresses and moved to at least 17 attacker-controlled addresses.

Trust Wallet has opened a reimbursement claim process for impacted users and is reviewing claims case by case to separate victims from potential fraud. The company also said it has implemented additional monitoring and controls for its release process (post-mortem said).

- Advertisement -

Shai-Hulud is described as an industry-wide software supply chain attack (Definition: a supply chain attack inserts malicious code into trusted software dependencies to reach many targets). The campaign has evolved into a 3.0 variant. “The primary difference lies in string obfuscation, error handling, and Windows compatibility, all aimed at increasing campaign longevity rather than introducing novel exploitation techniques,” Upwind researchers Guy Gilad and Moshe Hassan said.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

Must Read

10 Best Crypto to Mine Without Special Hardware Equipment

A lot of people mostly think that it takes a difficult process to mine cryptocurrency. today we are going to show you some of...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading