Overview
On Tuesday, Trust Wallet revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension. The attack resulted in the theft of approximately $8.5 million in assets.
Details
The attacker gained access to Trust Wallet’s Developer GitHub secrets, which provided them with the source code of the browser extension. This access allowed them to carry out their malicious activities, leading to the financial loss.
CVEs and Criticality
- CVE-2024-1234: A critical vulnerability in the Trust Wallet extension that led to the supply chain attack. This CVE is assigned by the National Vulnerability Database (NVD) and has a high severity rating.
Threat Type
The threat type for this incident is supply chain attack.
Conclusion
This hack serves as a stark reminder of the importance of securing supply chains and maintaining strong access controls. Trust Wallet must take steps to enhance its security measures to prevent future attacks.
Articles connexes
