Signal
Shai-Hulud-linked supply-chain compromise tied to Trust Wallet Chrome extension theft (~$8
Published 2025-12-31 11:58 UTC · Updated 2025-12-31 16:29 UTC
Tags: security, supply_chain_attack, browser_extension, wallet_security, trust_wallet, github_secrets
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped; counts indicate coverage, not truth. 2 top sources shown.
limited source diversity in top sources
Overview
A supply-chain compromise can cascade from developer credential exposure into end-user theft when attackers gain the ability to publish or modify widely distributed software. In this case, reporting ties exposed Trust Wallet developer GitHub secrets to a compromised Chrome extension release and subsequent asset drain, framed as part of Shai-Hulud activity.
- Score total: 1.02
- Momentum 24h: 2
- Posts: 2
- Origins: 2
- Source types: 1
- Duplicate ratio: 0%
Why now
- Both outlets published incident details on Dec 31
- New reporting emphasizes GitHub secret exposure as the enabling step
- Incident is framed as tied to Shai-Hulud activity (incl. Nov 2025 iteration)
Why it matters
- Shows how exposed developer secrets can enable malicious software distribution
- Highlights browser extensions as a high-impact theft vector
- Quantifies reported impact at ~$8.5M (and 2,520 wallets per one report)
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- Reporting links the Trust Wallet Chrome extension compromise to Shai-Hulud supply-chain activity.
- Trust Wallet said its developer GitHub secrets were exposed, enabling attacker access to the browser extension source/publishing path.
- The incident is reported to have resulted in approximately $8.5 million in stolen assets.
How sources frame it
- The Hacker News: neutral
- SecurityWeek: neutral
Two outlets converge on the same incident: a Shai-Hulud-linked supply-chain compromise leading to a backdoored Trust Wallet Chrome extension and reported ~$8.5M theft.
All evidence
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
The Hacker News · thehackernews.com · 2025-12-31 16:29 UTC
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist
SecurityWeek · securityweek.com · 2025-12-31 11:58 UTC
Top publishers (this list)
- The Hacker News (1)
- SecurityWeek (1)
Top origin domains (this list)
- thehackernews.com (1)
- securityweek.com (1)