ZachXBT flags suspected Trust Wallet extension issue as users report drained funds

ambcryptoОпубликовано 2025-12-25Обновлено 2025-12-25

Введение

Security concerns emerged around the Trust Wallet browser extension on December 25, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update. Reports suggest a supply-chain compromise may have been introduced in a December 24 update, where newly added code could silently exfiltrate sensitive wallet data—particularly during seed phrase imports—leading to immediate fund draining. Multiple users reported losses, with unverified estimates exceeding $2 million. The malicious code allegedly sent data to a recently registered external domain mimicking Trust Wallet infrastructure. The issue appears limited to the browser extension, with no evidence of mobile app compromise. Trust Wallet has not yet issued an official response or advisory. Researchers emphasize the situation remains under investigation, warning users to avoid importing seed phrases into the extension until clarified. If confirmed, this would represent a significant supply-chain attack.

Security concerns have emerged around the Trust Wallet browser extension on 25 December, after blockchain investigator ZachXBT flagged suspicious activity potentially linked to a recent update, prompting warnings from developers and security-focused accounts.

According to posts circulating on X, the issue may stem from a suspected supply-chain compromise introduced in a 24 December browser extension update.

Newly added code within the extension could silently exfiltrate sensitive wallet data when users import a seed phrase. The claims suggest that this has led to immediate wallet draining.

Alleged Trust Wallet malicious code and data exfiltration claims

Developers examining the extension allege that a JavaScript file added in the update contains logic disguised as analytics.

The code is said to activate specifically when a seed phrase is imported. It then silently transmits wallet-related data to an external domain designed to resemble official Trust Wallet infrastructure.

The domain referenced in the reports was reportedly registered only days ago and has since gone offline.

Researchers argue that its recent creation and the timing of the extension update raise concerns about a coordinated supply-chain attack rather than user-side phishing.

Users report wallet drains following seed imports

Multiple users have reported wallets being drained shortly after importing seed phrases into the Trust Wallet browser extension.

Publicly shared estimates suggest that more than $2 million may have been lost. Although these figures have not been independently verified.

Analysts indicate that funds were routed through multiple addresses, a pattern more commonly associated with automated exploitation than isolated user error.

Scope appears limited to browser extension

At this stage, there is no indication that Trust Wallet’s mobile applications are affected.

The warnings circulating online are focused specifically on the browser extension. This is where update mechanisms and third-party dependencies present higher supply-chain risk.

Users are advised not to import seed phrases into the Trust Wallet browser extension until further clarification is provided.

No official response from Trust Wallet yet

As of the time of writing, Trust Wallet has not issued any public response, clarification, or security advisory addressing the allegations.

There has been no confirmation or denial of the claims, nor any announcement of an extension, rollback, or emergency patch.

Investigation ongoing

Researchers have emphasized that the situation remains under active investigation. Conclusions should not be drawn until the extension code and related on-chain activity have been fully reviewed.

If confirmed, the incident would represent a serious supply-chain compromise.

This is a class of attack that differs significantly from phishing or user-side mistakes. Also, it has historically resulted in rapid, large-scale losses across the crypto ecosystem.

Final Thoughts

  • The allegations point to a potentially serious supply-chain risk affecting wallet extensions, underscoring how code updates can become a critical attack vector if compromised.
  • With no response yet from Trust Wallet, users and researchers are left relying on independent investigation as scrutiny around the incident continues.

Связанные с этим вопросы

QWhat security concern was flagged by ZachXBT regarding the Trust Wallet browser extension?

AZachXBT flagged suspicious activity potentially linked to a recent update of the Trust Wallet browser extension, suggesting it could be a supply-chain compromise that leads to the silent exfiltration of sensitive wallet data and immediate draining of funds.

QHow does the suspected malicious code in the Trust Wallet extension allegedly operate?

AThe malicious JavaScript code, added in an update and disguised as analytics, is said to activate when a user imports a seed phrase. It then silently transmits wallet-related data to an external domain designed to look like official Trust Wallet infrastructure.

QWhat is the estimated financial impact based on user reports, and how were the funds moved?

APublicly shared estimates suggest that more than $2 million may have been lost, though this is unverified. Analysts indicate the funds were routed through multiple addresses, a pattern associated with automated exploitation rather than isolated user error.

QAre Trust Wallet's mobile applications also affected by this suspected compromise?

ANo, there is no indication that Trust Wallet’s mobile applications are affected. The warnings are specifically focused on the browser extension, which has higher supply-chain risk due to its update mechanisms and third-party dependencies.

QWhat is the current status of Trust Wallet's official response to these allegations?

AAs of the time the article was written, Trust Wallet had not issued any public response, clarification, or security advisory addressing the allegations. There has been no confirmation, denial, or announcement of an emergency patch.

Похожее

Kalshi-CFTC Fight In New Mexico Could Shape Prediction Market Rules

A jurisdictional battle between the U.S. Commodity Futures Trading Commission (CFTC) and the state of New Mexico over the regulation of prediction markets could set national rules for the industry. At issue is who polices platforms like Kalshi, with the CFTC asserting federal oversight and New Mexico arguing state gaming and consumer protection laws apply, especially for contracts resembling wagers on events like elections or sports. The outcome will determine if prediction markets can scale nationally under a clear federal framework or face a fragmented, state-by-state regulatory landscape. This dispute is significant for the crypto-adjacent trading community, which often engages with these speculative event markets. A clearer rulebook could boost mainstream adoption, liquidity, and integration with crypto infrastructure, while a state-led challenge could stifle growth. The case is particularly sensitive for sports-related contracts, where the line between financial markets and gambling blurs. Ultimately, this legal fight will shape whether prediction markets become a scalable national product or remain constrained by jurisdictional conflicts.

bitcoinist1 ч. назад

Kalshi-CFTC Fight In New Mexico Could Shape Prediction Market Rules

bitcoinist1 ч. назад

The Value Distribution of Stablecoins

**Summary: The Value Distribution of Stablecoins** The article argues that stablecoins are evolving from mere trading tools into broader channels for dollar access. It divides the stablecoin ecosystem into four layers to analyze how value is distributed: 1. **Issuance Layer:** Mints stablecoins, holds reserve assets, and captures the spread between reserve yield and user costs (e.g., Tether, Circle). This layer currently earns the largest profit margin. 2. **Infrastructure Layer:** Connects stablecoins to the traditional financial system, handling fiat on/off-ramps, banking integration, compliance (KYC/AML), and asset management (e.g., Bridge, BVNK). This is the "unglamorous" but critical work, building the essential bridges between crypto and real-world finance. 3. **Acquiring/Distribution Layer:** Integrates stablecoins into merchant systems, manages payment flows, and provides enterprise financial software (e.g., Stripe, Coinbase). They act as the access point for businesses. 4. **Application Layer:** The end-users and businesses that ultimately use stablecoins for payments, settlements, or as a store of value. They benefit from convenience but have little pricing power. The core thesis is that while the issuance layer currently dominates profits, the often-overlooked **infrastructure layer holds significant long-term potential**. The real challenge and barrier to mass adoption is not the on-chain transfer of stablecoins (which is simple), but the complex "last mile" integration into existing business workflows, banking systems, and regulatory frameworks across different countries. Companies in this layer are currently in a "land grab" phase, investing heavily to build networks, secure bank partnerships, and establish compliance pathways. While their position is currently pressured by the profitable issuers above and distribution platforms below, the article suggests that if stablecoins become a default financial rail for businesses, the infrastructure providers who have done the hard work of integration will ultimately gain strong pricing power and become entrenched, essential players.

marsbit6 ч. назад

The Value Distribution of Stablecoins

marsbit6 ч. назад

The Value Distribution of Stablecoins

The Value Distribution of Stablecoins The article argues that stablecoins are evolving from a mere trading tool into a broad "dollar channel." It analyzes the industry's value chain through four layers: 1. **Issuance Layer (e.g., Tether, Circle):** The top layer that mints stablecoins, holds reserve assets, and captures the thickest interest rate spread. 2. **Infrastructure Layer (e.g., Bridge, BVNK):** Connects stablecoins to the traditional financial system, handling critical but complex "dirty work" like fiat on/off-ramps, banking integration, compliance (KYC/AML), and cross-border settlement. 3. **Acquiring/Distribution Layer (e.g., Stripe, Coinbase):** Embeds stablecoins into merchant systems, manages payment flows, and integrates with enterprise software. 4. **Application Layer:** End-users and businesses that ultimately use stablecoins for payments, settlement, or storing value. The author posits that while the issuance layer currently captures the most profit, the most overlooked and potentially critical layer is infrastructure. The core challenge for stablecoin adoption isn't the on-chain transfer (which is simple), but bridging the gap between blockchain and the real-world financial system. This involves solving practical problems for businesses: fiat conversion, reconciliation, tax handling, and user onboarding. Infrastructure companies are currently in a difficult "land-grab" phase—building networks, securing banking relationships, and achieving compliance country-by-country. They face pressure from both the profitable issuance layer above and distribution platforms below. However, the author suggests this layer is building a crucial moat. Once stablecoins become a default business rail, the infrastructure players who have done the hard work of integration may gain significant, durable value and pricing power.

链捕手6 ч. назад

The Value Distribution of Stablecoins

链捕手6 ч. назад

Why Is Nvidia Borrowing $20 Billion When It's Not Short of Cash?

Nvidia's recent announcement to issue at least $20 billion in senior notes, despite holding a strong cash position with over $48.6 billion in free cash flow last quarter, is not a sign of financial need. Instead, it represents a strategic move to leverage its high credit rating (recently upgraded to AA by S&P) to secure low-cost, long-term debt. This capital will support long-term AI infrastructure investments, data centers, R&D, supply chain prepayments, and strategic investments, while allowing the company to continue aggressive shareholder returns through stock buybacks and dividends. The decision reflects a mature capital management strategy: using debt to finance long-term growth assets is more efficient and less dilutive to shareholders than equity financing. It signals that Nvidia, like other tech giants (Alphabet, Meta, Amazon), is entering a new phase of heavy AI capital expenditure, shifting from a pure growth story to a story about capital allocation, credit strength, and long-term ecosystem positioning. The key question for investors is whether Nvidia can maintain its high cash flow generation and ensure that returns from these AI investments justify the cost of capital over the long term. The bond issuance amplifies its expansion capabilities but also ties its valuation more closely to the broader AI investment cycle's sustainability and profitability.

marsbit7 ч. назад

Why Is Nvidia Borrowing $20 Billion When It's Not Short of Cash?

marsbit7 ч. назад

Liberland Fires Tech Secretary After Alleged Blockchain And Website Takeover Attempt

Liberland's congress has voted to remove Technology Secretary Dorian Stern Vukotić, following a resolution accusing him of attempting to hijack the Liberland.org domain, removing administrative multisig protections, blocking the president from voting, and launching unauthorized tokens. The incident serves as a case study in blockchain governance, highlighting risks that go beyond smart contracts to include control over domains, admin keys, and off-chain authority. For the crypto industry, it underscores the need to scrutinize decentralization claims against operational realities, where a small group can still compromise governance. The story reflects a broader market shift where infrastructure security and governance are becoming as critical as price action. Editorial framing should treat the development as a verified information signal about governance risks, avoiding overstatement of Liberland's legal status and leaving room for follow-up evidence.

bitcoinist7 ч. назад

Liberland Fires Tech Secretary After Alleged Blockchain And Website Takeover Attempt

bitcoinist7 ч. назад

Торговля

Спот
Фьючерсы
活动图片

Популярные категорииright-arrow

Популярные тегиright-arrow