breachšInternationalBleepingComputer
Trust Wallet Suffers $8.5M Crypto Theft via Compromised Extension
Friday, January 2, 2026
What
Trust Wallet's Chrome extension was compromised, leading to the theft of approximately $8.5 million from over 2,500 crypto wallets. This occurred after attackers gained access to developer GitHub secrets and a Chrome Web Store API key, enabling them to publish a malicious extension version.
Where
Trust Wallet users, specifically those using its Chrome browser extension. The underlying supply chain attack affected the npm software registry and GitHub.
When
Incident occurred December 24th, reported January 2, 2026. The related Sha1-Hulud attack began in September and escalated in November.
Key Factors
- ā¢The attack leveraged exposed Developer GitHub secrets to access Trust Wallet's browser extension source code and a critical Chrome Web Store API key.
- ā¢Attackers used the leaked CWS API key to bypass standard release processes, directly uploading a trojanized extension (version 2.68.0) containing malicious JavaScript.
- ā¢The incident is likely connected to the Sha1-Hulud NPM supply chain attack, which compromised numerous npm packages to steal developer and CI/CD secrets.
Takeaways
- āOrganizations must implement robust security for developer secrets and API keys, including regular rotation and multi-factor authentication, to prevent supply chain compromises.
- āUsers should exercise extreme caution with browser extensions, verifying authenticity and being wary of unsolicited communications regarding compensation or support.
Read Full Article
Opens original article on BleepingComputer
