#PrivateKeyAndWalletSecurityVulnerabilities This recent incident with Trust Wallet has been quite upsetting to watch. The backdoor in version 2.68 led to over 6 million USD being lost, with attackers starting their planning as early as December 8th and only executing the attack around Christmas—this method is extremely professional, clearly an APT-level targeted strike.
Do you remember the wave of exchange hacks in 2018? Back then, everyone was debating cold wallets versus hot wallets. Looking back now, the real risk has never been in the wallets themselves but in the invisible conduit of the code. The reputation of Trust Wallet being open source has ironically become the best cover for attackers—they delved into the source code to modify the analysis service logic, used legitimate libraries like PostHog to steal data, and even employed fake domains like metrics-trustwallet.com to deceive users. This is no longer just a simple security vulnerability; it’s a thorough infiltration of the supply chain.
The losses include 33 BTC on the Bitcoin chain, 3 million each on Ethereum and Solana. The most heartbreaking part is that these stolen assets are now moving across DEXs and cross-chain bridges. The attackers clearly understand how to trace on-chain movements.
What left the deepest impression on me was the timeline: implanting the backdoor on December 22nd, starting transfers on December 25th. On Christmas Day, how many users were immersed in holiday joy, completely unaware that their seed phrases were already sitting on hackers’ servers? This is the irony of history—every major security incident repeats the same lesson: the higher the trust, the lower the guard, and the greater the cost.
My advice is straightforward: if you’ve used a browser extension wallet, disconnect from the internet now and conduct a thorough check. Immediately export your private keys, uninstall the old version, and transfer your funds to another wallet. Don’t wait, don’t rely on luck. This incident teaches us that even the most reputable projects can be compromised, and no matter how rigorous the code audit, it can still be bypassed. Wallet security in 2025 will require extreme paranoia.
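An added example (not part of the original post, and not Trust Wallet code): one way to carry out such a check on an unpacked extension is to list every hostname in its JavaScript and flag any that carries the brand name without sitting under the official domain, which is how a host like metrics-trustwallet.com stands out. The allowlist, the brand tokens, the function names and the sample bundle are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: domains the extension is expected to contact (constructed allowlist).
ALLOWED_SUFFIXES = ("trustwallet.com",)
# Assumption: substrings that make a foreign host look "official".
BRAND_TOKENS = ("trustwallet", "trust-wallet")

HOST_RE = re.compile(r"https?://([a-z0-9.-]+\.[a-z]{2,})", re.IGNORECASE)

def is_allowed(host):
    """True only for the allowlisted domain itself or a real subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def audit_hosts(source_text):
    """Return (lookalikes, other_unlisted) hostnames found in JS source text."""
    lookalikes, unlisted = set(), set()
    for host in HOST_RE.findall(source_text):
        host = host.lower().rstrip(".")
        if is_allowed(host):
            continue
        # A brand token outside the official domain is the lookalike pattern.
        if any(tok in host for tok in BRAND_TOKENS):
            lookalikes.add(host)
        else:
            unlisted.add(host)
    return sorted(lookalikes), sorted(unlisted)

def audit_extension(unpacked_dir):
    """Run audit_hosts over every .js file of an unpacked extension directory."""
    text = "\n".join(p.read_text(errors="ignore")
                     for p in Path(unpacked_dir).rglob("*.js"))
    return audit_hosts(text)

# Constructed sample standing in for a bundled analytics module.
SAMPLE_BUNDLE = '''
const api = "https://api.trustwallet.com/v1/assets";
posthog.init("phc_PLACEHOLDER", { api_host: "https://metrics-trustwallet.com" });
fetch("https://example.org/prices.json");
'''

if __name__ == "__main__":
    lookalikes, unlisted = audit_hosts(SAMPLE_BUNDLE)
    print("lookalike hosts:", lookalikes)
    print("other unlisted hosts:", unlisted)
```

Hosts in the second list are not necessarily malicious; they are the ones to review against what the extension is documented to contact.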