{"id":92826,"date":"2025-12-31T15:25:19","date_gmt":"2025-12-31T12:25:19","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=92826"},"modified":"2025-12-31T15:30:13","modified_gmt":"2025-12-31T12:30:13","slug":"trust-wallet-reveals-details-of-8-5-million-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/trust-wallet-reveals-details-of-8-5-million-hack\/","title":{"rendered":"Trust Wallet Reveals Details of $8.5 Million Hack"},"content":{"rendered":"<p>The Trust Wallet team <a href=\"https:\/\/trustwallet.com\/ru\/blog\/announcements\/trust-wallet-browser-extension-v268-incident-community-update\">released<\/a> a report on the <a href=\"https:\/\/forklog.com\/en\/news\/trust-wallet-users-suffer-7-million-hack\">incident<\/a> that occurred on December 26. Attackers compromised the browser extension and extracted assets worth $8.5 million.<\/p>\n<p>According to the statement, the attack affected 2,520 addresses. The developers have pledged to fully compensate the victims for their losses.<\/p>\n<h2 class=\"wp-block-heading\">How It Happened<\/h2>\n<p>The breach was caused by a large-scale supply chain attack known as Sha1-Hulud, identified back in November. At that time, hackers gained access to developers&#8217; secrets on GitHub and the <span data-descr=\"application programming interface\" class=\"old_tooltip\">API<\/span> key for the Chrome Web Store.<\/p>\n<p>Using the stolen data, the attackers:<\/p>\n<ol class=\"wp-block-list\">\n<li>Uploaded a malicious version of the extension (2.68) to the Chrome Web Store, bypassing Trust Wallet&#8217;s internal controls.<\/li>\n<li>Registered the domain metrics-trustwallet.com to collect confidential data (seed phrases and private keys).<\/li>\n<li>Automatically distributed the update among users after passing Google&#8217;s review.<\/li>\n<\/ol>\n<p>The malicious version was active from December 24 to 26. 
After discovering the issue, the team rolled back the extension to the secure version 2.69 and revoked the compromised keys.<\/p>\n<h2 class=\"wp-block-heading\">Who Was Affected<\/h2>\n<p>The incident affected only users of the desktop extension version 2.68 who accessed the wallet on the specified dates. The Trust Wallet mobile app and other extension versions remained secure.<\/p>\n<p>Analysts identified 17 addresses controlled by the hacker. The total damage amounted to $8.5 million.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cWe view this incident not only as a critical lesson for us but also as a turning point for the entire industry regarding supply chain attacks,\u201d noted Trust Wallet.<\/em><\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\">Compensation Process<\/h2>\n<p>The company has already begun working with the victims of the hack. To receive compensation, users must submit an application through the official support form and verify wallet ownership.<\/p>\n<p>Trust Wallet said the process has been complicated by a surge of fraudsters. More than 5,000 applications have already <a href=\"https:\/\/forklog.com\/en\/news\/trust-wallet-faces-surge-in-fraudulent-compensation-claims\">been submitted for 2,520 affected addresses<\/a>. The team urged users to be patient and wary of phishing: official support never requests seed phrases.<\/p>\n<p>To prevent similar situations in the future, the project has strengthened security measures, including code dependency audits and credential rotation.<\/p>\n<p>In 2025, the volume of funds stolen through phishing attacks <a href=\"https:\/\/forklog.com\/en\/news\/crypto-phishing-losses-plunge-83-in-2025\">decreased by 83%<\/a>, amounting to $83.85 million, according to SlowMist.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Trust Wallet team released a report on the incident that occurred on December 26. 
Attackers compromised the browser extension and extracted assets worth $8.5 million.<\/p>\n","protected":false},"author":1,"featured_media":92827,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Trust Wallet reports $8.5M hack via compromised browser extension.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1252,776],"class_list":["post-92826","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-reports","tag-trust-wallet"],"aioseo_notices":[],"amp_enabled":true,"views":"246","promo_type":"1","layout_type":"1","short_excerpt":"Trust Wallet reports $8.5M hack via compromised browser extension.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=92826"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92826\/revisions"}],"predecessor-version":[{"id":92828,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92826\/revisions\/92828"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/92827"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=92826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=92826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/w
p\/v2\/tags?post=92826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}