The Trust Wallet browser extension hack has been linked to a wider supply-chain attack known as Shai-Hulud. The incident allowed attackers to push a malicious update through official channels, leading to the theft of approximately $8.5 million in cryptocurrency. Trust Wallet says the compromise stemmed from previously exposed developer credentials rather than a direct breach of its core systems.
The case highlights how supply-chain weaknesses can bypass traditional security controls and affect users at scale.
Malicious extension update led to theft
The incident centered on a compromised version of Trust Wallet’s browser extension that was distributed through the official browser extension store. Users who installed or updated to the affected version and unlocked their wallets during a limited time window were exposed.
Once active, the malicious code harvested sensitive wallet data. Attackers used that information to drain funds from affected wallets shortly after access was obtained. Thousands of wallets were impacted before the issue was detected and contained.
Link to the Shai-Hulud supply-chain incident
Trust Wallet says the browser extension hack is connected to the earlier Shai-Hulud supply-chain attack that impacted the wider software ecosystem. That incident involved the exposure of developer secrets during a compromise of third-party dependencies.
According to the company, those exposed credentials were later used to upload a tampered extension build. This allowed attackers to bypass internal approval processes and publish a malicious version that appeared legitimate to users.
How the compromise bypassed safeguards
The attackers did not exploit Trust Wallet users directly at first. Instead, they targeted the software supply chain. By abusing leaked credentials, they gained the ability to push code through trusted distribution channels.
This approach made the attack particularly dangerous. Users had no visible warning signs, as the extension update came from an official source and behaved normally until wallets were unlocked.
Trust Wallet’s response and mitigation steps
After identifying the issue, Trust Wallet removed the malicious version and released a clean update. The company urged users to update immediately and warned that any wallets accessed during the affected period should be treated as compromised.
Trust Wallet also launched a claims process for affected users. The company says it is reviewing cases individually as part of its response to the financial losses caused by the attack.
Why this incident matters for crypto security
The Trust Wallet browser extension hack shows how supply-chain attacks can undermine even well-secured platforms. Wallet software remains a high-value target because it handles private keys and irreversible transactions.
The incident reinforces the importance of securing developer environments, monitoring release pipelines, and limiting credential exposure. For users, it highlights the risks of browser-based wallets and the importance of rapid response when security alerts emerge.
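One way to monitor a release pipeline for the kind of out-of-band upload described above is to compare the package the store actually serves against the build the pipeline approved, file by file. The following is an added example, not Trust Wallet's code or tooling: it assumes both packages are available as zip archives, and all file names and contents are constructed samples.

```python
import hashlib
import io
import zipfile


def file_digests(package_bytes):
    """Map each file inside a zip-format extension package to its SHA-256."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir()
        }


def compare_release(approved_bytes, published_bytes):
    """Diff the store-published package against the pipeline-approved build.

    Hashing per file (not the whole archive) ignores zip timestamps and
    ordering, so only real content changes are reported.
    """
    approved = file_digests(approved_bytes)
    published = file_digests(published_bytes)
    common = set(approved) & set(published)
    return {
        "added": sorted(set(published) - set(approved)),
        "removed": sorted(set(approved) - set(published)),
        "modified": sorted(p for p in common if approved[p] != published[p]),
    }


def is_tampered(diff):
    """True if the published package differs from the approved build at all."""
    return any(diff.values())


def build_package(files):
    """Build a small zip package in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: an approved build and a published copy that differs.
BASE = {"manifest.json": '{"version": "1.0.1"}', "background.js": "init();"}
APPROVED = build_package(BASE)
PUBLISHED = build_package({**BASE, "background.js": "init(); extra();", "helper.js": "x();"})

if __name__ == "__main__":
    print(compare_release(APPROVED, PUBLISHED))
```

Run on a schedule against the live store listing, a non-empty diff for a version the pipeline never approved is the alert condition.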
Conclusion
The Trust Wallet browser extension hack demonstrates the real-world impact of supply-chain compromises in the crypto ecosystem. By abusing credentials tied to the Shai-Hulud incident, attackers were able to distribute malicious code and steal millions in digital assets. The case serves as a reminder that trust in software distribution channels must be continually reinforced through strong operational security and rapid incident response.

