Around December 24, 2025, Trust Wallet users lost about $8.5 million in a supply-chain attack centred on a trojanized Chrome browser extension. According to PeckShield, the malicious build was uploaded after attackers compromised a Web Store API key and exposed GitHub secrets, letting them push a poisoned version of the extension that siphoned user funds once installed. The incident was part of a December 2025 tally that PeckShield put at roughly $76 million across 26 incidents, down about 60% from November. It illustrated how attackers are increasingly bypassing on-chain code entirely to target the software-distribution pipeline and developer credentials, and reinforced guidance to lock down publishing keys and CI secrets, enforce strict release signing, and treat browser-extension supply chains as a first-class security perimeter.