Cybersecurity

Trust Wallet Links $8.5 Million Crypto Theft To Shai-hulud Npm Attack

2026-01-02 0 views admin
Trust Wallet Links $8.5 Million Crypto Theft To Shai-hulud Npm Attack

Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November.

Trust Wallet, a crypto wallet used by over 200 million people, enables users to store, send, and receive Bitcoin, Ethereum, Solana, and thousands of other cryptocurrencies and digital tokens via a web browser extension and free mobile apps.

As BleepingComputer previously reported, this December 24th incident resulted in the theft of millions of dollars in cryptocurrency from the compromised wallets of Trust Wallet users.

This happened after attackers added a malicious JavaScript file to version 2.68.0 of Trust Wallet's Chrome extension, which stole sensitive wallet data and enabled threat actors to execute unauthorized transactions.

"Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a Tuesday update.

"The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review."

As Trust Wallet explained, in the next stage of the attack, the threat actor registered the domain metrics-trustwallet.com and the subdomain api.metrics-trustwallet.com to host malicious code, which was later referenced in a trojanized version of the Trust Wallet extension.

The modified version of the official extension was built using source code obtained via exposed GitHub developer secrets, allowing the attacker to embed malicious code that collected sensitive wallet data without traditional code injection.

Using a leaked CWS key, the attacker published version 2.68 to the Chrome Web Store, which was automatically released after passing review, bypassing Trust Wallet's internal approval processes.

In response to the incident, Trust Wallet revoked all release APIs to block attempts to release new versions and ensured that the hackers couldn't steal additional wallet data by reporting the malicious domains to the NiceNIC registrar, which promptly suspended them.

Source: BleepingComputer

🏷️ Tags

hackattackthreat

More from Cybersecurity

Over 10k Fortinet Firewalls Exposed To Actively Exploited 2fa Bypass

Over 10k Fortinet Firewalls Exposed To Actively Exploited 2fa Bypass

2026-01-02 0
Google Is Testing A New Image AI And It's Going To Be Its Fastest...

Google Is Testing A New Image AI And It's Going To Be Its Fastest...

2026-01-02 0
Cybersecurity Predictions For 2026: Navigating The Future Of...

Cybersecurity Predictions For 2026: Navigating The Future Of...

2026-01-02 0
Critical CTO New Year Resolutions For A More Secure 2026

Critical CTO New Year Resolutions For A More Secure 2026

2026-01-02 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views