Trust Wallet hit by network compromise

Incident
Happening score: 24
2 unique sources, 2 articles

Summary

Trust Wallet said its Chrome extension was likely compromised through the second iteration of Shai-Hulud in November 2025, exposing GitHub secrets and a Chrome Web Store API key that let attackers upload a trojanized build. The malicious version 2.68.0 update on December 24, 2025 added a malicious JavaScript file and backdoor behavior that harvested wallet mnemonic phrases, leading to the theft of about $8.5 million from 2,520 wallet addresses. Trust Wallet said it has revoked its release APIs, is reviewing reimbursement claims for affected users, and has reported the attacker infrastructure, including metrics-trustwallet.com and api.metrics-trustwallet.com.

Timeline

  1. 02.01.2026 16:19 (1 article)

    Trust Wallet Chrome extension compromise on December 24

    Technical Analysis Update

    Attackers added a malicious JavaScript file to version 2.68.0 of Trust Wallet's Chrome extension, stole sensitive wallet data, and enabled unauthorized transactions. The same compromise exposed developer GitHub secrets and the Chrome Web Store (CWS) API key, and a trojanized build was published after malicious code was hosted on metrics-trustwallet.com and api.metrics-trustwallet.com.

  2. 02.01.2026 16:19 (3 articles)

    Trust Wallet links compromise to Sha1-Hulud and revokes release APIs

    Mitigation Patch Update

    Trust Wallet said the compromise was likely related to an industry-wide Sha1-Hulud attack in November and disclosed that developer GitHub secrets exposed the browser extension source code and the CWS API key. It revoked all release APIs, reported the malicious domains to NiceNIC for suspension, started reimbursing affected users, and warned about impersonation scams using fake compensation forms and Telegram ads.
