


Perceptive Security
SOC/SIEM Consultancy

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Published: 31 December 2025 at 16:29:00
Alert date: 31 December 2025 at 18:02:10
Source: thehackernews.com
Supply Chain & Dependencies, Web Technologies, Data Breach & Exfiltration
Trust Wallet's Chrome extension was compromised through the second iteration of the Shai-Hulud supply chain attack in November 2025. The attack resulted in the theft of approximately $8.5 million in cryptocurrency assets. The attackers gained access to Trust Wallet's developer GitHub secrets, which allowed them to compromise the browser extension source code. This represents a significant supply chain attack targeting cryptocurrency wallet users through a malicious browser extension.
Technical details
Attackers used the second iteration of the Shai-Hulud supply chain attack to compromise Trust Wallet's developer GitHub secrets, gaining access to the browser extension source code and the Chrome Web Store (CWS) API key. The attackers registered the domain 'metrics-trustwallet[.]com' and pushed a trojanized version of the extension (v2.68) with a backdoor capable of harvesting users' wallet mnemonic phrases. The malicious code sent stolen data to 'api.metrics-trustwallet[.]com'. By uploading builds directly through the compromised CWS API access, the attackers bypassed Trust Wallet's standard release process, which requires internal approval and manual review.
Mitigation steps:
Update the Trust Wallet Chrome extension to version 2.69 immediately. Trust Wallet has implemented additional monitoring capabilities and controls related to its release processes. Affected users can submit reimbursement claims through Trust Wallet's claim process, though reviews are handled case-by-case with varying processing times.
Affected products:
Trust Wallet Chrome Extension v2.68
Trust Wallet Chrome Extension (fixed in v2.69)
Related links:
https://thehackernews.com/2025/12/researchers-spot-modified-shai-hulud.html
https://trustwallet.com/blog/announcements/trust-wallet-browser-extension-v268-incident-community-update
https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html
https://www.upwind.io/feed/shai-hulud-3-npm-supply-chain-worm
IOCs:
metrics-trustwallet[.]com, api.metrics-trustwallet[.]com
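One way to hunt for this activity with the indicators above, as an added example that is not part of the original alert: it refangs the two IOC domains, matches them against DNS query logs on label boundaries, and flags hosts still running v2.68. The log layout, the inventory format and all sample data are assumptions constructed for illustration.

```python
import re

# IOC domains from this alert, stored defanged exactly as published.
IOCS_DEFANGED = ["metrics-trustwallet[.]com", "api.metrics-trustwallet[.]com"]
AFFECTED_VERSION = "2.68"  # trojanized release named in the alert

def refang(indicator):
    """Turn a defanged hostname ('[.]') back into a matchable one."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

IOC_DOMAINS = {refang(d) for d in IOCS_DEFANGED}

def host_matches_ioc(host):
    """True if host equals an IOC domain or is a subdomain of one.
    Matching is on label boundaries, so look-alikes such as
    'metrics-trustwallet.com.example.net' do not produce a hit."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

# Assumed log layout: "<timestamp> <client> <queried-hostname>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def scan_dns_log(lines):
    """Return (timestamp, client, host) for every query to an IOC domain."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and host_matches_ioc(m.group(3)):
            hits.append(m.groups())
    return hits

def affected_hosts(inventory):
    """inventory: (hostname, version) pairs for Trust Wallet extension installs."""
    return sorted(h for h, v in inventory if v.strip() == AFFECTED_VERSION)

# Constructed sample data (not taken from any real environment).
SAMPLE_LOG = [
    "2025-12-31T09:14:02Z 10.0.4.17 api.metrics-trustwallet.com",
    "2025-12-31T09:14:05Z 10.0.4.22 trustwallet.com",
    "2025-12-31T09:15:40Z 10.0.4.31 METRICS-TRUSTWALLET.COM.",
    "2025-12-31T09:16:11Z 10.0.4.17 metrics-trustwallet.com.example.net",
]
SAMPLE_INVENTORY = [("ws-017", "2.68"), ("ws-022", "2.69"), ("ws-031", "2.68")]

if __name__ == "__main__":
    for ts, client, host in scan_dns_log(SAMPLE_LOG):
        print(f"IOC hit {ts} client={client} host={host}")
    print("Hosts on affected version:", affected_hosts(SAMPLE_INVENTORY))
```

A host that appears in both results (here the constructed workstation at 10.0.4.17, if it maps to ws-017) is the priority for wallet-owner notification, since it ran the affected build and contacted the collection endpoint.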
This article was created with the assistance of AI technology by Perceptive.
