#WalletSecurityVulnerability The backdoor incident in Trust Wallet version 2.68 warrants an in-depth analysis. On-chain data shows the hackers had begun their preparations at least as early as December 8, registering malicious domains and infiltrating development permissions. This is not a simple supply chain contamination but a professional APT attack.

Key information summary: The hackers tampered with the source code directly rather than poisoning npm packages, and used the legitimate PostHog library as cover to send mnemonic phrases to forged domains. The stolen assets currently amount to over $6 million: about 3 million in Bitcoin, and approximately 3 million in Ethereum and Layer2 tokens.

More notable is the flow of funds: after stealing the coins, the hackers immediately transferred and exchanged them via CEX and cross-chain bridges, which indicates a clear exit strategy. From the first request on December 21 to the start of fund transfers around Christmas, the entire time window was tightly controlled.

Immediate recommended action: if you have used the Trust Wallet extension, first disconnect from the internet, then export your private keys and uninstall the extension, and finally transfer your funds to another wallet. This is not excessive caution but a response based on the actual losses that have already occurred. This incident is also a reminder to pay attention to the security status of wallets when tracking whale movements: compromised addresses often serve as important signals for market sentiment.