Shai-Hulud Worm Fuels $8.5 Million Trust Wallet Crypto Heist

Trust Wallet lost $8.5M in a Shai-Hulud attack; users urged to update to version 2.69 for security.

By Content Team

Dec 31, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Trust Wallet lost $8.5 million to hackers who exploited the Shai-Hulud supply chain attack that hit NPM in November. The attackers used leaked developer credentials to publish a malicious version of Trust Wallet's Chrome extension on December 24.

The fake extension targeted 2,520 wallet addresses, draining funds from users who logged in between December 24-26. Trust Wallet will reimburse all affected customers and urges users to update to version 2.69 immediately.

Shai-Hulud is a self-replicating worm that infected over 640 NPM packages, creating 25,000 data-leaking repositories. Despite cleanup efforts, over 12,000 machines remain compromised with exposed credentials still circulating.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Ivanti Zero-Days Hit European Governments in Fresh Attack Wave

Feb 13, 2026

Cyber Fraud Now Top CEO Fear, Overtaking Ransomware Threat

Jan 14, 2026

Healthcare Recruitment Platform Hit by Major Cyber Attack Affecting Northern Ireland Health Trusts

Apr 11, 2026

Substack Confirms Data Breach Affecting 700,000 Users After Hacker Leaks Information

Feb 6, 2026