Source: The Hacker News
Trust Wallet Chrome Extension Hacked via Supply Chain Attack
Thursday, January 1, 2026
What
A Shai-Hulud supply chain attack exposed Trust Wallet's GitHub secrets and Chrome Web Store API key, enabling threat actors to upload a trojanized extension (v2.68). This malicious version harvested users' mnemonic phrases, resulting in the theft of $8.5 million from 2,520 crypto wallets.
Where
Trust Wallet Chrome extension users; infrastructure hosted by Stark Industries Solutions (UK-incorporated, linked to Russia).
When
Initial compromise in November 2025, malicious update pushed December 24, 2025, with post-mortem disclosure in late December/early January 2026.
Key Factors
- The attack leveraged a leaked Chrome Web Store API key obtained through a prior Shai-Hulud supply chain compromise of Trust Wallet's developer GitHub secrets, bypassing standard release processes.
- The malicious extension (v2.68) was designed to exfiltrate all configured wallet mnemonic phrases upon every unlock, regardless of user activity or security measures, disguised as telemetry data.
- Attacker infrastructure, hosted by Stark Industries Solutions, a bulletproof hosting provider, was staged weeks before the malicious update, indicating a pre-planned and sophisticated operation potentially linked to Russian state-sponsored activity.
Takeaways
- Users of browser-based crypto wallets should immediately update to the latest version and consider hardware wallets for significant assets.
- Organizations must implement robust supply chain security measures and multi-factor authentication for all developer tools and API access to prevent similar compromises.
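
For responders triaging exposure to the v2.68 build described above, the following added example (not code from the article or from Trust Wallet) scans a Chrome user-data directory for installed copies of an extension at that version. It assumes Chrome's usual `<profile>/Extensions/<id>/<version>_N/manifest.json` layout; `EXT_ID` is a placeholder to replace with the real extension ID, and the profile tree in `demo()` is constructed sample data.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = "2.68"   # trojanized version named in the article
EXT_ID = "a" * 32   # placeholder (assumption): substitute the real extension ID


def norm(version):
    """Compare versions numerically so '2.68' and '2.68.0' are equal."""
    parts = [int(p) for p in version.split(".") if p.isdigit()]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def find_affected(user_data_dir, ext_id=EXT_ID, bad=AFFECTED):
    """Return (profile, version) for each installed copy whose version is `bad`."""
    hits = []
    pattern = f"*/Extensions/{ext_id}/*/manifest.json"
    for manifest in sorted(Path(user_data_dir).glob(pattern)):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            version = str(data["version"])
        except (OSError, ValueError, KeyError, TypeError):
            continue  # unreadable or malformed manifest: skip it
        if norm(version) == norm(bad):
            profile = manifest.relative_to(user_data_dir).parts[0]
            hits.append((profile, version))
    return hits


def demo():
    """Build a constructed profile tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for profile, ver in [("Default", "2.68.0"), ("Profile 1", "2.67.1")]:
            d = Path(root, profile, "Extensions", EXT_ID, ver + "_0")
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"version": ver}))
        return find_affected(root)


if __name__ == "__main__":
    print(demo())
```

A hit means any wallet unlocked in that profile under v2.68 should be treated as having an exposed mnemonic. No hit does not prove the version was never installed, since the browser may already have replaced it with a later update.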