Trust Wallet's Chrome extension was hacked due to a supply chain attack, resulting in the theft of $8.5 million in assets. An attacker exploited leaked developer secrets to upload a malicious version of the extension, which harvested users' wallet information. Trust Wallet has begun a reimbursement process for affected users and implemented new security measures.
Trust Wallet's Chrome extension was compromised due to a supply chain attack linked to the Shai-Hulud outbreak in November 2025. The breach allowed attackers to steal around $8.5 million from users by exploiting exposed GitHub secrets, which included the extension’s source code and Chrome Web Store API key. With this access, the attackers uploaded a malicious version of the extension to a domain they registered, "metrics-trustwallet[.]com." This trojanized extension contained a backdoor that harvested users' wallet mnemonic phrases, activating each time the wallet was unlocked.
Cybersecurity firm Koi highlighted that the malware extracted sensitive data regardless of how users interacted with their wallets, compromising all configured wallets, not just the active ones. The attack was well-planned, with evidence suggesting the malicious infrastructure was established weeks before the update was rolled out on December 24, 2025. Trust Wallet quickly responded by urging users to update to version 2.69 to mitigate the threat and initiated a reimbursement process for those affected.
The incident has broader implications, as it’s part of a larger software supply chain attack affecting multiple sectors. Trust Wallet has since implemented enhanced monitoring and controls to prevent future breaches. Meanwhile, the emergence of Shai-Hulud 3.0 indicates ongoing threats, with improved obfuscation techniques aimed at prolonging the effectiveness of such attacks on developer environments.
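A defender-side check for the two indicators named above (the exfiltration domain and the 2.69 update), as an added example that is not code from Trust Wallet or Koi. It audits one unpacked extension directory; the function names, the file types scanned and the sample directory are assumptions made for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Domain as printed in the article, refanged only for matching.
IOC_DOMAIN = "metrics-trustwallet[.]com".replace("[.]", ".")
FIXED_VERSION = (2, 69)  # version the article says users were urged to install

def parse_version(text):
    """Turn a manifest version such as '2.69.1' into (2, 69, 1)."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def audit_extension(root):
    """Return findings for one unpacked extension directory (empty list = clean)."""
    root = Path(root)
    findings = []
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    version = manifest.get("version", "0")
    if parse_version(version) < FIXED_VERSION:
        findings.append(f"version {version} is older than 2.69")
    pattern = re.compile(re.escape(IOC_DOMAIN), re.IGNORECASE)
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in {".js", ".json", ".html"}:
            text = path.read_text(encoding="utf-8", errors="ignore")
            if pattern.search(text):
                findings.append(f"{path.relative_to(root)} references {IOC_DOMAIN}")
    return findings

def build_sample(version, script_body):
    """Constructed stand-in for an unpacked extension; not a real build."""
    root = Path(tempfile.mkdtemp())
    (root / "manifest.json").write_text(
        json.dumps({"name": "sample", "version": version}), encoding="utf-8")
    (root / "background.js").write_text(script_body, encoding="utf-8")
    return root

if __name__ == "__main__":
    # Constructed sample: old version number plus a reference to the IoC domain.
    sample = build_sample("2.1.0", f'fetch("https://{IOC_DOMAIN}/constructed")')
    for finding in audit_extension(sample):
        print(finding)
```

A domain match only covers this one indicator; a build that hides or rotates its endpoint would pass, so the version check and the vendor's guidance still apply.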