2025-12-29 15:22:33

After years of crawling and fighting in the industry, I’ve seen many storms, but this time, a hacker incident involving a popular wallet browser extension still sends chills down my spine—an official version turned into an intrusion tool. This blow has awakened many to their reliance on the “security illusion.”

**Timeline: Carefully Crafted Christmas Hijacking**

The story begins on December 8. The hacker registered a spoofed domain api.metrics-trustwallet[.]com and lay in wait for two weeks without action. On December 22, a tampered version v2.68.0 was pushed out through official channels.

By Christmas Day, the fund transfers began. On-chain tracking expert ZachXBT’s monitoring data shows that within just a few days, at least $6 million to $7 million in crypto assets vanished, affecting hundreds of users.

**The Hacker’s True Cleverness**

This isn’t a brute-force server intrusion. The hacker inserted a seemingly harmless PostHog data analytics tool into the code—something wallet companies commonly use in their daily operations. But this tool left a backdoor: when users recharge and reopen the wallet, it quietly steals their mnemonic phrases.

This is a textbook case of supply chain attack. Instead of hacking the server, the attacker poisoned the official distribution channels—tricking users into handing over their private keys to thieves.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

14 Likes

Reward
14
6
Repost
Share

Comment

0/400

FrontRunFighter

· 01-01 15:22

supply chain poison at its finest... they didn't even have to breach the fortress, just walked through the front door wearing a corporate badge. PostHog looking real sus now ngl

Reply0

gas_fee_therapist

· 01-01 14:23

I knew this kind of thing would happen sooner or later. Trust Wallet is such a big wallet and it’s already compromised. Who can we still trust? The official channel poisoning operation is really clever, making it hard to defend against. 7 million dollars, gone just like that—that’s what a real rug pull looks like. No need to update; it’s become a new meme. Whenever I see the official push version, I have to think twice now. The PostHog backdoor method is something I need to remember; it’s so meticulous. It’s about time to diversify wallets and not put all your eggs in one basket—deservedly so. If you ask me, this is due to an immature ecosystem, and we still have to rely on self-protection. If the mnemonic phrase is stolen, how can it be saved? We can only accept bad luck. Supply chain bottlenecks are unavoidable in crypto too. It seems there’s no such thing as absolute security; it’s just about who has higher intrusion costs.

View OriginalReply0

SchrodingersFOMO

· 2025-12-29 15:50

I'm not there, we can't trust anything, right? Even the official channels can be compromised, this is bad. The dog coefficient has risen again. Damn, this technique is perfect. The trap in PostHog is really deep. Next time, I won't click on anything. I'm really shocked this time. Over 6 million USD just disappeared, what else can we do? Official channels have been compromised, who can we trust now? This blow to the supply chain was too harsh, impossible to guard against. Christmas hijacking, this hacker's mind is really sharp. I've always said not to trust wallets too much, and now it's true. The theft of the mnemonic phrase, just thinking about it is terrifying. Now I have to mess around and change wallets again, so annoying.

View OriginalReply0

GrayscaleArbitrageur

· 2025-12-29 15:41

Wow, I can't believe even the official channels are not trusted anymore. What's the point of playing around? Wait, the PostHog backdoor move is indeed brilliant. I need to check my version number. Don't tell me I also got infected. I did update during those Christmas days... It's just ridiculous. Trust is like this now. In the future, I need to deploy across multiple chains. This hacker really put in effort, lying in wait for two weeks before striking. Their professionalism is on point.

View OriginalReply0

StakeOrRegret

· 2025-12-29 15:37

Damn, 6 to 7 million just disappeared like that, Christmas gift turned into Christmas hijacking. Once again, supply chain poisoning. I thought the official version was a fortress. That backdoor in PostHog is really something, too ruthless. This time I have to learn my lesson; cold wallets are the real boss.

View OriginalReply0

RadioShackKnight

· 2025-12-29 15:24

$6,000,000 to $7,000,000 just disappeared like that, still starting from the official version, damn this technique is really clever --- Official channels can't even hold on, what can we expect then --- PostHog backdoor move I need to remember, this hacker is too ruthless --- Christmas hijacking funds... even screenwriters wouldn't dare write this --- Waited two weeks before striking, this patience is stronger than my coin holding --- Hundreds of people were robbed, ZachXBT caught them, what else can be done --- Losing the mnemonic phrase like this, no matter how many layers of encryption, it's useless --- The official itself has become the biggest intrusion tool, ironic --- Supply chain is truly Web3's Achilles' heel, no matter how you defend, you can't prevent it --- By the way, is anyone still running version v2.68.0 now?

View OriginalReply0