GLOBAL SITUATIONMONITORING

482 published briefsUTCFri, Apr 3 04:00:08

Intelligence Tag

Leaked Developer Credentials

Developer credential leaks enabling unauthorized infrastructure access and release automation bypass.

1 intelligence brief← Intelligence Hub

Trust Wallet Browser Extension Poisoned via Shai-Hulud NPM Attack, $8.5M in Crypto Drained from 2,596 Users

Attackers exploited the Shai-Hulud NPM supply chain attack to leak Trust Wallet developer GitHub secrets, including the Chrome Web Store API key. Using this key, they uploaded a malicious version of Trust Wallet’s extension that harvested private keys and seed phrases, draining $8.5 million from 2,596 crypto wallets. The attack shows how compromised credentials eliminate…

Elles De Yeager

Jan 4, 2026

7–10 minutes