Trust Wallet recently disclosed that a cyber attack linked to the Shai-Hulud supply chain incident, which occurred in November 2025, compromised its Google Chrome extension. This breach led to the loss of approximately $8.5 million in cryptocurrency assets.
According to Trust Wallet, the attackers gained access by exploiting exposed developer secrets on GitHub, which provided them with access to the extension’s source code and the Chrome Web Store API key. With this key, the attackers uploaded a modified version of the extension directly to the store without going through the standard approval process.
The incident became public knowledge after the attackers registered a domain called "metrics-trustwallet.com" and deployed a trojanized version of the extension. This malicious version contained a backdoor capable of capturing users’ wallet mnemonic phrases.
A warning was issued to around one million users of the Chrome extension, urging them to update to version 2.69 after a malicious version (2.68) was released on December 24, 2025. The attack resulted in the draining of funds from over 2,520 wallets, consolidating the stolen assets into 17 different wallets controlled by the cybercriminals. Trust Wallet initiated a reimbursement process for those affected, reviewing claims on a case-by-case basis to differentiate between genuine victims and potential fraudsters.
To prevent future breaches, Trust Wallet announced that it has implemented enhanced monitoring and controls concerning its release processes. The Shai-Hulud incident highlights the severe impact of software supply chain attacks, which have increasingly targeted various sectors, including cryptocurrency.
With the emergence of Shai-Hulud 3.0, identified by researchers as having advanced obfuscation techniques and improved reliability, the threat landscape remains critical for developers and organizations across the board.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.