Trust Wallet Woes: $8.5M Vanishes in Second Shai-Hulud Crypto Heist!
Trust Wallet confirms a second Shai-Hulud supply-chain attack on its Chrome extension, resulting in $8.5 million in crypto theft. Malicious code was published with a leaked API key, compromising sensitive wallet data. Trust Wallet rolled back the compromised version and strengthened security measures while reimbursing affected users.
Hot Take:
Shai-Hulud strikes again, and this time it’s not just sandworms causing chaos but a sneaky supply-chain hack that has Trust Wallet users clutching their digital pearls. It’s like Dune, but with more crypto and fewer sandstorms!
Key Points:
- A second Shai-Hulud supply-chain attack hit Trust Wallet’s Chrome extension, leading to an $8.5 million crypto heist.
- The attacker used leaked Chrome Web Store API keys and exposed developer GitHub secrets to upload a malicious extension.
- Malicious code was activated on every unlock, stealing sensitive data even without traditional code injection.
- Stolen data was sent to a domain linked to a bulletproof hosting provider with ties to Russian cyber activities.
- Trust Wallet has rolled back the compromised extension, issued updates, and promised reimbursement to affected users.
Already a member? Log in here