Trust Wallet seed-phrase phishing campaign using fix-trustwallet[.]com
Campaign
Summary
Hide ▲
Show ▼
A parallel phishing campaign is exploiting the Trust Wallet panic, using fix-trustwallet[.]com and X accounts to push victims toward a fake fix and steal wallet recovery seed phrases. The lure impersonates Trust Wallet branding and turns users' search for help into a path for immediate wallet takeover. Because a seed phrase acts as a master key, the campaign can rapidly convert confusion into direct financial loss.
Related Happenings
FakeWallet Apple App Store wallet-stealing apps
Malware Activity
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...
FakeWallet Apple App Store wallet-stealing apps
Malware ActivityAbout this happening: The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...
FakeWallet crypto wallet phishing campaign targeting users in China
Campaign
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...
FakeWallet crypto wallet phishing campaign targeting users in China
CampaignAbout this happening: The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...
Latest development: 24.04.2026 14:48
Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.
Trust Wallet hit by network compromise
Incident
First: 02.01.2026 16:19
Last: 02.01.2026 16:19
Sources 1
How related:
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users.
About this happening:
**Trust Wallet** said its **Chrome extension** was likely compromised through the **second iteration of Shai-Hulud** in **November 2025**, exposing **GitHub secrets** and a **Chro...
Trust Wallet hit by network compromise
IncidentHow related: Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users.
About this happening: **Trust Wallet** said its **Chrome extension** was likely compromised through the **second iteration of Shai-Hulud** in **November 2025**, exposing **GitHub secrets** and a **Chro...
Shai-Hulud Chrome extension trojanized backdoor with wallet mnemonic theft
Malware Activity
First: 31.12.2025 18:29
Last: 31.12.2025 18:29
Sources 1
About this happening:
The **Shai-Hulud** supply-chain operation delivered a trojanized **Google Chrome extension** build with a backdoor that could steal **wallet mnemonic phrases**, creating a direct...
Shai-Hulud Chrome extension trojanized backdoor with wallet mnemonic theft
Malware ActivityAbout this happening: The **Shai-Hulud** supply-chain operation delivered a trojanized **Google Chrome extension** build with a backdoor that could steal **wallet mnemonic phrases**, creating a direct...
Trust Wallet Chrome extension mnemonic leak
Data Leak
First: 26.12.2025 17:31
Last: 26.12.2025 17:31
Sources 1
About this happening:
Trust Wallet's **Google Chrome extension version 2.68** exposed decrypted **mnemonic phrases** to **api.metrics-trustwallet[.]com**, putting affected users' wallet seed data at ri...
Trust Wallet Chrome extension mnemonic leak
Data LeakAbout this happening: Trust Wallet's **Google Chrome extension version 2.68** exposed decrypted **mnemonic phrases** to **api.metrics-trustwallet[.]com**, putting affected users' wallet seed data at ri...
Timeline
-
26.12.2025 11:47 2 articles · 5mo ago
Fake Trust Wallet fix site targets seed phrases
Initial DisclosureThreat actors used fix-trustwallet[.]com and related X accounts to impersonate Trust Wallet, advertise a bogus security vulnerability fix, and prompt users to enter wallet recovery seed phrases; WHOIS data also linked fix-trustwallet[.]com to metrics-trustwallet[.]com through the same registrar.
Show sources
- Trust Wallet Chrome extension hack tied to millions in losses — www.bleepingcomputer.com — 26.12.2025 11:47
- Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack — www.bleepingcomputer.com — 29.12.2025 18:43