Earlier, Binance-owned non-custodial crypto wallet Trust Wallet fell victim to a hacking incident in which attackers, through as-yet-unknown means, directly replaced the Trust Wallet listing in the Google Chrome Web Store. The substituted version contained a backdoor designed to steal users’ wallet seed phrases.
As of the time of writing, the total recorded losses have reached approximately $8.5 million. Because Trust Wallet has been owned by Binance since 2018, Binance has stepped in to cover the losses, ensuring that affected users receive full compensation rather than bearing the damage themselves.
The original point of compromise turned out to be an NPM supply-chain attack orchestrated by a hacking group known as Shai-Hulud. This large-scale incident reverberated across the industry, with numerous NPM packages hijacked and injected with backdoors. In November 2025, multiple NPM packages were compromised, an attack that ultimately impacted Trust Wallet and led to the leakage of the developers’ GitHub credentials. With these credentials, the attackers gained access to the extension’s source code as well as the Google Chrome Web Store API keys.
Armed with the API keys, the attackers were able to publish new versions of the extension without undergoing the Trust Wallet team’s mandatory review process—an abuse that directly enabled the malicious replacement of the official extension.
In December 2025, the attackers began laying the groundwork by registering a new domain, metrics.trustwallet.com, to host malicious infrastructure later used by the backdoored Trust Wallet extension.
Because the GitHub API credentials had been exposed, the attackers obtained the complete source code of earlier Trust Wallet versions. They recompiled the extension themselves, injected a backdoor, and then used Google’s Chrome Web Store API keys to upload the malicious build directly.
By around December 25, 2025, the attackers had already harvested seed phrases from numerous wallets. Rather than acting immediately, they waited for the Christmas holiday—when both the Trust Wallet team and users were likely to be less vigilant.
On Christmas Day, the first confirmed cases of wallet theft were publicly reported. Security researchers 0xAkinator and ZachXBT identified the anomaly and actively traced the attackers’ wallet addresses, while Trust Wallet partner Hashdit and internal monitoring systems raised multiple alerts.
Subsequently, white-hat security researchers launched DDoS attacks against domains controlled by the attackers, disrupting their servers. This intervention prevented the malicious extension from communicating with its backend, thereby limiting further losses and reducing the number of victims.
Ultimately, Trust Wallet rolled back to a verified clean release and pushed version 2.69 to users via Google’s update mechanism. In total, the attackers succeeded in stealing approximately $8.5 million in cryptocurrency, though funds in some wallets were frozen before they could be laundered.