Plugin Wallet Security Incident Overview: Plagued by Counterfeit Software and Phishing Attacks, Direct Official Vulnerabilities Are Few

2 hours ago

December 26th — Trust Wallet issued a security alert this morning confirming a vulnerability in its browser extension (version 2.68). On-chain detective ZachXBT reports hundreds of users have already had funds stolen, with total losses hitting at least $6 million. Below are key security incidents involving major browser extension wallets:

### Trust Wallet (2022)

Back in November 2022, Trust Wallet’s extension had a WebAssembly vulnerability affecting only new addresses created between Nov 14–23, 2022. The flaw led to ~$170k in stolen funds. Trust Wallet found the issue via its bug bounty program, patched it, and fully compensated affected users.

### MetaMask

- **2022**: Faced a “Demonic” vulnerability (versions before 10.11.3) that exposed private keys in browser memory — no large-scale losses reported.
- **2023–2025**: Official extension operated securely, but it’s often targeted by fake versions. A 2025 Chainalysis report noted a spike in abnormal thefts, driven mostly by counterfeit malware and phishing (not the wallet itself).
- **Current**: MetaMask publishes monthly security reports on this, but as a top Ethereum plugin wallet, it remains a key counterfeit target.

### Phantom (Solana’s main wallet)

- **2022**: Also had the “Demonic” vulnerability — no major losses reported.
- **Early 2025**: A controversy arose after a user lost $500k when private keys were stored unencrypted in memory (leading to a hack). A class-action lawsuit was filed in the Southern District of New York. Phantom’s team denied all claims, calling the lawsuit “baseless” and noting Phantom is non-custodial (users bear fund security responsibility).

### Rabby Wallet (DeFi-focused)

- **2022**: Hacked via a flaw in its Rabby Swap feature, leading to ~$200k in stolen crypto. The issue wasn’t with the extension itself, but the built-in swap tool.

### Key Takeaway

The most common way extension wallets get compromised is via fake downloads. In 2025, multiple such incidents hit the Firefox store, targeting major wallets like MetaMask, Phantom, and Trust Wallet. Direct official vulnerabilities are far rarer.

**Advice**: Only download extension wallets from the official Chrome Web Store to protect your funds.

Relevant content

SlowMist Reminder: When using a wallet at risk of being hacked, please make sure to disconnect from the internet before exporting the mnemonic phrase to transfer your assets.

December 26 – The Chief Information Security Officer (CISO) of SlowMist Technology shared on social media:

- Users who’ve been consistently using a compromised version of the wallet must disconnect from the internet first, then export their mnemonic phrase to transfer assets. Opening the wallet online without this step risks compromise.
- For wallets where the mnemonic phrase has already been backed up, transfer assets first before upgrading the wallet.

4 minutes ago

A Whale's BTC Short Position Leads to the Largest Single Liquidation Across the Network, Resulting in Over $17.6 Million in Total Settlement

December 26th — Per monitoring from HyperInsight (Telegram: https://t.me/HyperInsight) and Coinglass, a short-term 3% surge in BTC’s price has triggered notable liquidations across the network. The largest single liquidation in the past 24 hours hit $14.14 million, tied to a BTC long position from a Hyperliquid address starting with 0xa8e. Over the past hour, that same address’s 40x-leveraged BTC long position saw two large liquidations totaling roughly $17.63 million — with the biggest involving 160 BTC (equivalent to ~$14.14 million). Following full liquidation of the position, the address quickly opened a 40x-leveraged BTC short position: ~$7.1 million in size, entry price $88,040, liquidation price $89,820.

4 minutes ago

CZ: Trust Wallet Will Fully Cover Losses from Hack, User Funds Secure

On December 26, Binance founder Changpeng Zhao (CZ) posted on social media, stating: “To date, the Trust Wallet hack has resulted in total losses of approximately $7 million. Trust Wallet will fully cover the associated losses, and user funds are secure. The team is still actively investigating how the hacker was able to successfully submit and release a new version of the browser extension.”

4 minutes ago

Binance Will Support FXS Share (FXS) Mainnet Upgrade and Rebranding to Frax (FRAX)

December 26 — Binance announced today it will support the mainnet swap and rebranding of FXS Share (FXS) to Frax (FRAX). Binance will suspend trading and delist all existing FXS spot trading pairs (FXS/USDT) on January 13, 2026, at 11:00 UTC+8 (Beijing time). All open orders will be automatically canceled. FRAX/USDT spot trading will launch on January 15, 2026, at 16:00 UTC+8 (Beijing time).

4 minutes ago

SlowMist CISO: Trust Wallet developer's device or code repository may have been compromised by an attacker and needs to be investigated promptly

On December 26, SlowMist Technology’s Chief Information Security Officer (CISO) 23pds took to social media to warn that attackers may have compromised devices belonging to Trust Wallet’s relevant developers or its code repositories—based on SlowMist’s analysis. The CISO advised users to disconnect from the network promptly and investigate the devices of the involved personnel. Separately, earlier reports citing PeckShield data note the Trust Wallet hacker has stolen over $6 million in cryptocurrency assets.

4 minutes ago

Flashloan: Trust Wallet Hacker Steals Over $6 Million in Crypto Assets, Transfers Over $4 Million to CEX

December 26: PeckShield monitoring reveals a hacker exploited Trust Wallet, stealing over $6 million in crypto from victims. As of now, approximately $2.8 million of the stolen funds remain in the hacker’s wallet (supporting Bitcoin, EVM chains and Solana). Over $4 million has been transferred to centralized exchanges (CEXs): roughly $3.3 million to ChangeNOW, $340,000 to FixedFloat, and $447,000 to KuCoin.

4 minutes ago