ZachXBT flags suspected Trust Wallet extension issue as users report drained funds

ambcrypto | Published 2025-12-25 | Updated 2025-12-25

Introduction

Security concerns emerged around the Trust Wallet browser extension on December 25, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update. Reports suggest a supply-chain compromise may have been introduced in a December 24 update, where newly added code could silently exfiltrate sensitive wallet data—particularly during seed phrase imports—leading to immediate fund draining. Multiple users reported losses, with unverified estimates exceeding $2 million. The malicious code allegedly sent data to a recently registered external domain mimicking Trust Wallet infrastructure. The issue appears limited to the browser extension, with no evidence of mobile app compromise. Trust Wallet has not yet issued an official response or advisory. Researchers emphasize the situation remains under investigation, warning users to avoid importing seed phrases into the extension until clarified. If confirmed, this would represent a significant supply-chain attack.

Security concerns have emerged around the Trust Wallet browser extension on 25 December, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update, prompting warnings from developers and security-focused accounts.

According to posts circulating on X, the issue may stem from a suspected supply-chain compromise introduced in a 24 December browser extension update.

Newly added code within the extension could silently exfiltrate sensitive wallet data when users import a seed phrase. The claims suggest that this has led to immediate wallet draining.

Alleged Trust Wallet malicious code and data exfiltration claims

Developers examining the extension allege that a JavaScript file added in the update contains logic disguised as analytics.

The code is said to activate specifically when a seed phrase is imported. It then silently transmits wallet-related data to an external domain designed to resemble official Trust Wallet infrastructure.

The domain referenced in the reports was reportedly registered only days ago and has since gone offline.

Researchers argue that its recent creation and the timing of the extension update raise concerns about a coordinated supply-chain attack rather than user-side phishing.
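One defensive check for the pattern described above, added here as an example and not code from the extension or from the researchers: compare the URL literals in two unpacked builds and flag any host that first appears in the update and falls outside an allowlist. The file names, the hosts (`wallet.example`, `metrics-wallet.test`) and the allowlist are constructed placeholders.

```javascript
// Added example: flag hosts that first appear in a new extension build.
// All file names, hosts and the allowlist below are constructed placeholders.
const URL_RE = /\b(?:https?|wss?):\/\/([a-z0-9.-]+)/gi;

// Collect every host referenced by a URL literal in a map of {path: source}.
function extractHosts(files) {
  const hosts = new Map(); // host -> Set of file paths that mention it
  for (const [path, src] of Object.entries(files)) {
    for (const m of src.matchAll(URL_RE)) {
      const host = m[1].toLowerCase().replace(/\.$/, "");
      if (!hosts.has(host)) hosts.set(host, new Set());
      hosts.get(host).add(path);
    }
  }
  return hosts;
}

// True if host equals an allowlisted domain or is a subdomain of one.
// The leading "." stops "notwallet.example" from matching "wallet.example".
function isAllowed(host, allowlist) {
  return allowlist.some((d) => host === d || host.endsWith("." + d));
}

// Report hosts present in `next` but not in `prev`, marking allowlist status.
function diffOutboundHosts(prev, next, allowlist) {
  const before = extractHosts(prev);
  const findings = [];
  for (const [host, paths] of extractHosts(next)) {
    if (before.has(host)) continue; // already shipped in the previous build
    findings.push({ host, files: [...paths].sort(), allowed: isAllowed(host, allowlist) });
  }
  return findings.sort((a, b) => a.host.localeCompare(b.host));
}

// Constructed sample builds (not taken from any real extension).
const prevBuild = {
  "background.js": 'fetch("https://api.wallet.example/v1/prices");',
};
const nextBuild = {
  "background.js": 'fetch("https://api.wallet.example/v1/prices");',
  "analytics.js": 'const EP = "https://metrics-wallet.test/collect"; fetch(EP);',
  "ui.js": 'fetch("https://cdn.wallet.example/logo.svg");',
};

const report = diffOutboundHosts(prevBuild, nextBuild, ["wallet.example"]);
for (const f of report) {
  console.log(`${f.allowed ? "ok  " : "FLAG"} ${f.host} (${f.files.join(", ")})`);
}
```

This only catches hosts written as literal URLs; endpoints assembled at runtime or hidden by obfuscation need network-level monitoring of the extension instead.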

Users report wallet drains following seed imports

Multiple users have reported wallets being drained shortly after importing seed phrases into the Trust Wallet browser extension.

Publicly shared estimates suggest that more than $2 million may have been lost, although these figures have not been independently verified.

Analysts indicate that funds were routed through multiple addresses, a pattern more commonly associated with automated exploitation than isolated user error.

Scope appears limited to browser extension

At this stage, there is no indication that Trust Wallet’s mobile applications are affected.

The warnings circulating online are focused specifically on the browser extension. This is where update mechanisms and third-party dependencies present higher supply-chain risk.

Users are advised not to import seed phrases into the Trust Wallet browser extension until further clarification is provided.

No official response from Trust Wallet yet

As of the time of writing, Trust Wallet has not issued any public response, clarification, or security advisory addressing the allegations.

There has been no confirmation or denial of the claims, nor any announcement of an extension rollback or emergency patch.

Investigation ongoing

Researchers have emphasized that the situation remains under active investigation. Conclusions should not be drawn until the extension code and related on-chain activity have been fully reviewed.

If confirmed, the incident would represent a serious supply-chain compromise.

This class of attack differs significantly from phishing or user-side mistakes, and it has historically resulted in rapid, large-scale losses across the crypto ecosystem.


Final Thoughts

  • The allegations point to a potentially serious supply-chain risk affecting wallet extensions, underscoring how code updates can become a critical attack vector if compromised.
  • With no response yet from Trust Wallet, users and researchers are left relying on independent investigation as scrutiny around the incident continues.

Related questions

Q: What security concern was flagged by ZachXBT regarding the Trust Wallet browser extension?

A: ZachXBT flagged suspicious activity potentially linked to a recent update of the Trust Wallet browser extension, suggesting it could be a supply-chain compromise that leads to the silent exfiltration of sensitive wallet data and immediate draining of funds.

Q: How does the suspected malicious code in the Trust Wallet extension allegedly operate?

A: The malicious JavaScript code, added in an update and disguised as analytics, is said to activate when a user imports a seed phrase. It then silently transmits wallet-related data to an external domain designed to look like official Trust Wallet infrastructure.

Q: What is the estimated financial impact based on user reports, and how were the funds moved?

A: Publicly shared estimates suggest that more than $2 million may have been lost, though this is unverified. Analysts indicate the funds were routed through multiple addresses, a pattern associated with automated exploitation rather than isolated user error.

Q: Are Trust Wallet's mobile applications also affected by this suspected compromise?

A: No, there is no indication that Trust Wallet’s mobile applications are affected. The warnings are specifically focused on the browser extension, which has higher supply-chain risk due to its update mechanisms and third-party dependencies.

Q: What is the current status of Trust Wallet's official response to these allegations?

A: As of the time the article was written, Trust Wallet had not issued any public response, clarification, or security advisory addressing the allegations. There has been no confirmation, denial, or announcement of an emergency patch.
