Supply Chain Attack Exposed: Hackers Impersonating Security Firm Steal $7 Million in Crypto Assets, Wallet Plugin Becomes Breakthrough Point

Gate News reports that on March 18, a cryptocurrency theft involving approximately $7 million was disclosed. Market sources indicate that a Chinese hacker group disguised as a cybersecurity company targeted wallet service providers like Trust Wallet and their users through supply chain attacks, conducting systematic thefts across multiple blockchain networks.

According to disclosures, the group used a Wuhan-based company as a cover, claiming to engage in vulnerability research and security services. However, internal members developed automated tools to scan mnemonic phrases in bulk and identify high-value wallet assets. The attacks covered mainstream networks such as Ethereum, BNB Chain, and Arbitrum, involving dozens of token assets.

On a technical level, the gang exploited supply chain vulnerabilities in Electron-based desktop clients and browser plugins, combining them with reverse engineering and remote control programs to access user wallet data and transfer funds. The stolen assets were then split and transferred across multiple chains to make tracking more difficult.

The exposure of this incident was triggered by internal conflicts. A member, dissatisfied with the profit sharing and with not receiving promised compensation, chose to disclose relevant evidence and stated they would provide more details to law enforcement. These allegations have not yet been officially confirmed, and regulatory authorities have not announced any investigation updates.

Industry experts point out that such attacks highlight the fragility of wallet supply chain security. Risks are not only present in private key management but also lurk in plugin extensions, client updates, and software packaging. For users relying on self-custody wallets, any third-party component could become a potential entry point.

In the current environment, strengthening supply chain audits, reducing plugin dependencies, and enhancing endpoint device security have become fundamental measures to safeguard digital assets.
