Plugin Wallet Security Incident Overview: Plagued by Counterfeit Software and Phishing Attacks, Direct Official Vulnerabilities Are Few

2025.12.26 09:53:16

December 26th — Trust Wallet issued a security alert this morning confirming a vulnerability in its browser extension (version 2.68). On-chain detective ZachXBT reports hundreds of users have already had funds stolen, with total losses hitting at least $6 million. Below are key security incidents involving major browser extension wallets:

### Trust Wallet (2022)

Back in November 2022, Trust Wallet’s extension had a WebAssembly vulnerability affecting only new addresses created between Nov 14–23, 2022. The flaw led to ~$170k in stolen funds. Trust Wallet found the issue via its bug bounty program, patched it, and fully compensated affected users.

### MetaMask

- **2022**: Faced a “Demonic” vulnerability (versions before 10.11.3) that exposed private keys in browser memory — no large-scale losses reported.
- **2023–2025**: Official extension operated securely, but it’s often targeted by fake versions. A 2025 Chainalysis report noted a spike in abnormal thefts, driven mostly by counterfeit malware and phishing (not the wallet itself).
- **Current**: MetaMask publishes monthly security reports on this, but as a top Ethereum plugin wallet, it remains a key counterfeit target.

### Phantom (Solana’s main wallet)

- **2022**: Also had the “Demonic” vulnerability — no major losses reported.
- **Early 2025**: A controversy arose after a user lost $500k when private keys were stored unencrypted in memory (leading to a hack). A class-action lawsuit was filed in the Southern District of New York. Phantom’s team denied all claims, calling the lawsuit “baseless” and noting Phantom is non-custodial (users bear fund security responsibility).

### Rabby Wallet (DeFi-focused)

- **2022**: Hacked via a flaw in its Rabby Swap feature, leading to ~$200k in stolen crypto. The issue wasn’t with the extension itself, but the built-in swap tool.

### Key Takeaway

The most common way extension wallets get compromised is via fake downloads. In 2025, multiple such incidents hit the Firefox store, targeting major wallets like MetaMask, Phantom, and Trust Wallet. Direct official vulnerabilities are far rarer.

**Advice**: Only download extension wallets from the official Chrome Web Store to protect your funds.