
Trust Wallet Chrome Extension Hack Drains $8.5M in Shai-Hulud Supply Chain Attack

  • Dec 31, 2025

Key Findings


  • The second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain attack in November 2025 was likely responsible for the hack of Trust Wallet's Google Chrome extension.

  • The attack resulted in the theft of approximately $8.5 million in cryptocurrency assets from 2,520 wallet addresses.

  • The attacker obtained full access to the Chrome Web Store (CWS) API key, allowing them to upload a trojanized version of the extension with a backdoor capable of harvesting users' wallet mnemonic phrases.

  • The malicious update (version 2.68) was pushed to the browser's extension marketplace on December 24, 2025, and the first wallet-draining activity was publicly reported a day later.

  • Trust Wallet has initiated a reimbursement claim process for impacted victims and implemented additional monitoring and controls to prevent such breaches in the future.


Background


The Shai-Hulud supply chain attack was an industry-wide incident that affected companies across multiple sectors, including the cryptocurrency industry. It introduced malicious code through commonly used developer tooling, so attackers gained access through trusted software dependencies rather than by targeting individual organizations directly.


Attacker Tactics


  • The attackers leveraged the Shai-Hulud supply chain attack to gain access to Trust Wallet's GitHub secrets, including the Chrome Web Store API key.

  • Using the API key, the attackers were able to bypass Trust Wallet's standard release process and push a trojanized version of the extension (version 2.68) to the Chrome Web Store.

  • The backdoored extension was designed to harvest users' wallet mnemonic phrases, which were then used to drain the targeted wallets.

  • The attackers registered the domain "metrics-trustwallet[.]com" and hosted the malicious infrastructure on the subdomain "api.metrics-trustwallet[.]com".
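
A hunt for that indicator over DNS query logs, as an added example (not from the original article or from Trust Wallet). The log format and sample lines are constructed; the indicator stays defanged as published and is refanged only in memory for matching.

```python
import re

# Indicator exactly as published in the article (defanged).
IOC_DOMAINS = ["metrics-trustwallet[.]com"]

# Assumed log format (constructed): "<ISO-8601 UTC time> <client> <qtype> <qname>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def refang(indicator):
    """Turn a defanged indicator into a comparable hostname."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

def host_matches(host, ioc):
    """True for the IOC domain itself or any subdomain of it, nothing else."""
    host = host.lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)

def hunt(lines, iocs=IOC_DOMAINS):
    """Return {client: {first_seen, count, names}} for clients that queried an IOC."""
    targets = [refang(i) for i in iocs]
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        ts, client, _qtype, qname = m.groups()
        if not any(host_matches(qname, t) for t in targets):
            continue
        rec = hits.setdefault(client, {"first_seen": ts, "count": 0, "names": set()})
        rec["first_seen"] = min(rec["first_seen"], ts)  # same-format UTC strings sort by time
        rec["count"] += 1
        rec["names"].add(qname.lower().rstrip("."))
    return hits

ROOT = refang(IOC_DOMAINS[0])
SAMPLE_LOG = [  # constructed sample data
    f"2025-12-25T09:14:02Z 10.0.0.7 A api.{ROOT}",
    f"2025-12-24T22:01:40Z 10.0.0.7 A API.{ROOT.upper()}.",  # case and trailing dot
    f"2025-12-25T10:00:00Z 10.0.0.9 AAAA {ROOT}",
    f"2025-12-25T10:05:00Z 10.0.0.12 A {ROOT}.example.net",  # lookalike suffix: no hit
    f"2025-12-25T10:06:00Z 10.0.0.12 A x{ROOT}",             # lookalike prefix: no hit
    "truncated line",
]

if __name__ == "__main__":
    for client, rec in sorted(hunt(SAMPLE_LOG).items()):
        print(client, rec["first_seen"], rec["count"], sorted(rec["names"]))
```

Matching on the exact domain or a dot-delimited suffix avoids false positives from lookalike hostnames that merely contain the indicator string.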


Impact and Response


  • The attack resulted in the theft of approximately $8.5 million in cryptocurrency assets from 2,520 wallet addresses.

  • Trust Wallet has initiated a reimbursement claim process for impacted victims and is handling the claims on a case-by-case basis.

  • To prevent such breaches in the future, Trust Wallet has implemented additional monitoring and controls related to its release processes.


Ongoing Threat


  • The Shai-Hulud supply chain attack has evolved, with the emergence of Shai-Hulud 3.0, which features increased obfuscation and reliability improvements.

  • The primary focus of Shai-Hulud 3.0 remains on stealing secrets from developer machines, with a strong emphasis on string obfuscation, error handling, and Windows compatibility.

  • The industry-wide impact of the Shai-Hulud supply chain attack underscores the need for heightened security measures and vigilance in the software supply chain.


Sources


  • https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html

  • https://securityonline.info/the-christmas-heist-how-shai-hulud-hijacked-trust-wallet-for-an-8-5m-score/

© 2025 by Explain IT Again. Powered and secured by Wix
