GLOBAL SITUATIONMONITORING

482 published briefsUTCFri, Apr 3 02:20:28

Intelligence Tag

NPM Supply Chain Attack

NPM registry supply chain attacks harvesting developer credentials and API keys.

1 intelligence brief← Intelligence Hub

Trust Wallet Browser Extension Poisoned via Shai-Hulud NPM Attack, $8.5M in Crypto Drained from 2,596 Users

Attackers exploited the Shai-Hulud NPM supply chain attack to leak Trust Wallet developer GitHub secrets, including the Chrome Web Store API key. Using this key, they uploaded a malicious version of Trust Wallet’s extension that harvested private keys and seed phrases, draining $8.5 million from 2,596 crypto wallets. The attack shows how compromised credentials eliminate…

Elles De Yeager

Jan 4, 2026

7–10 minutes