Post-Mortem: The Trust Wallet Supply Chain Compromise (Dec 2025)
Anatomy of the Christmas Day Supply Chain Attack: How a CI/CD Pipeline Failure Led to a $7 Million Extraction Event.
On December 25, 2025, a sophisticated supply chain attack targeted the Trust Wallet Browser Extension (v2.68), resulting in the exfiltration of user seed phrases and a $7 million cumulative loss. This analysis dissects the CI/CD pipeline compromise, the malicious payload injection, and the on-chain laundering patterns observed during the "Christmas Heist."
31
Read More