Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets.

The Shai-Hulud 2.0 self-replicating worm that hit the NPM registry in late November was responsible for the recent $8.5 million heist from cryptocurrency wallet Trust Wallet.

The theft came to light on December 25, when Trust Wallet announced that hackers targeted customers using version 2.68 of its Chrome browser extension.

In an incident post-mortem, the cryptocurrency wallet revealed that hackers published the malicious versions of the extension on December 24, and that all users who logged into their accounts between December 24 and 26 using the extension were affected.

“We have identified 2,520 wallet addresses that were affected by this incident and drained by the attackers, with approximately $8.5 million in assets impacted that can be associated with 17 wallet addresses controlled ...