Ethical Hacking News
In a devastating attack known as Shai-Hulud 2.0, a popular cryptocurrency wallet extension for Google Chrome fell prey to a software supply chain attack that drained $8.5M in assets from users' wallets. This attack highlights the importance of implementing robust security protocols and conducting regular audits to detect and prevent similar attacks. Stay informed about the latest security threats and take proactive measures to protect yourself from potential breaches.
The Trust Wallet Chrome extension was hit with a devastating supply chain attack known as Shai-Hulud 2.0, which allowed attackers to gain access through trusted software dependencies. The attackers breached Trust Wallet's GitHub secrets, obtaining full access to the Chrome Web Store (CWS) API key and allowing them to upload malicious builds directly without internal approval. Around $8.5M in cryptocurrency assets were drained from approximately 2,520 wallet addresses to just 17 wallets controlled by the attacker. The attackers stole cryptocurrency assets through a backdoor that harvested users' wallet mnemonic phrases and private keys. Trust Wallet has implemented additional monitoring capabilities and controls to prevent similar attacks in the future.
Trust Wallet, a popular cryptocurrency wallet extension for Google Chrome, has been hit with a devastating supply chain attack known as Shai-Hulud 2.0. Shai-Hulud 2.0, first observed in November 2025, is an industry-wide software supply chain campaign that gains access through trusted software dependencies rather than by directly targeting individual organizations.
The attack began when malicious code was introduced and distributed through commonly used developer tooling. The attackers managed to breach Trust Wallet's GitHub secrets, which gave them full access to the Chrome Web Store (CWS) API key. With that key, they could upload builds of the extension directly, bypassing Trust Wallet's standard release process, which requires internal approval and manual review.
The malicious update was pushed on December 24, 2025, targeting approximately one million users of the Trust Wallet Chrome extension. The first wallet-draining activity was publicly reported a day after the malicious update; in total, $8.5M in cryptocurrency assets was drained from 2,520 wallet addresses to at least 17 attacker-controlled wallet addresses.
The attackers stole these funds through a backdoor that harvested users' wallet mnemonic phrases, the seed phrases from which a wallet's keys are derived and which are used to back up and restore access to a digital wallet. The backdoor also gave the attackers access to users' private keys, handing them complete control over the cryptocurrency assets held in those wallets.
Trust Wallet has since initiated a reimbursement claim process for impacted victims, but it's unclear when these claims will be processed. The company noted that reviews of submitted claims are ongoing and are being handled on a case-by-case basis. It also stressed that processing times may vary with each case due to the need to distinguish between victims and bad actors.
To prevent such breaches from occurring again, Trust Wallet has implemented additional monitoring capabilities and controls related to its release processes. These new measures will help ensure the security of user data and prevent similar attacks in the future.
The Shai-Hulud 2.0 attack highlights the importance of implementing robust security protocols and conducting regular audits to detect and prevent software supply chain attacks. It also emphasizes the need for companies to stay vigilant and adapt to emerging threats.
The threat landscape continues to evolve, with new vulnerabilities being discovered every day. As a result, it's essential for organizations and individuals to stay informed about the latest security threats and take proactive measures to protect themselves from potential breaches.
In conclusion, the Shai-Hulud 2.0 attack is a stark reminder of the consequences that follow when software supply chain risk is not properly addressed. Trust Wallet's swift response will likely help mitigate some of the damage, but the incident also serves as a wake-up call for companies and individuals alike.
To stay ahead of such threats, it is crucial to implement robust security protocols, conduct regular audits, and remain vigilant in detecting potential breaches. Only then can the impact of software supply chain attacks like Shai-Hulud 2.0 be minimized.
Related Information:
https://www.ethicalhackingnews.com/articles/Shai-Hulud-20-The-Devastating-Supply-Chain-Attack-that-Drained-85M-from-Trust-Wallet-Chrome-Extension-ehn.shtml
https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html
https://www.securityweek.com/shai-hulud-supply-chain-attack-led-to-8-5-million-trust-wallet-heist/
Published: Wed Dec 31 11:21:02 2025 by llama3.2 3B Q4_K_M