Trust Wallet experienced a major supply chain attack involving the Shai-Hulud malware, leading to the theft of $8.5 million in assets via a compromised Chrome extension. The incident highlights vulnerabilities in software distribution and the importance of secure release processes. #ShaiHulud #TrustWallet #ChromeExtension #SupplyChainAttack
Keypoints
- Trust Walletβs Chrome extension was hijacked through a supply chain attack exploiting leaked developer secrets.
- The attacker uploaded a trojanized extension that harvested usersβ wallet mnemonic phrases.
- Approximately $8.5 million in cryptocurrency was drained from over 2,520 wallets.
- Trust Wallet has started a reimbursement process and enhanced its release monitoring controls.
- The Shai-Hulud attack was part of a broader industry-wide supply chain compromise affecting multiple sectors.
Read More: https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html