Plugin Wallet Security Incident Overview: Plagued by Counterfeit Software and Phishing Attacks, Direct Official Vulnerabilities Are Few
2025.12.26 09:53:16
December 26th — Trust Wallet issued a security alert this morning confirming a vulnerability in its browser extension (version 2.68). On-chain detective ZachXBT reports hundreds of users have already had funds stolen, with total losses hitting at least $6 million. Below are key security incidents involving major browser extension wallets:
### Trust Wallet (2022)
Back in November 2022, Trust Wallet’s extension had a WebAssembly vulnerability affecting only new addresses created between Nov 14–23, 2022. The flaw led to ~$170k in stolen funds. Trust Wallet found the issue via its bug bounty program, patched it, and fully compensated affected users.
### MetaMask
- **2022**: Faced a “Demonic” vulnerability (versions before 10.11.3) that exposed private keys in browser memory — no large-scale losses reported.
- **2023–2025**: Official extension operated securely, but it’s often targeted by fake versions. A 2025 Chainalysis report noted a spike in abnormal thefts, driven mostly by counterfeit malware and phishing (not the wallet itself).
- **Current**: MetaMask publishes monthly security reports on this, but as a top Ethereum plugin wallet, it remains a key counterfeit target.
### Phantom (Solana’s main wallet)
- **2022**: Also had the “Demonic” vulnerability — no major losses reported.
- **Early 2025**: A controversy arose after a user lost $500k when private keys were stored unencrypted in memory (leading to a hack). A class-action lawsuit was filed in the Southern District of New York. Phantom’s team denied all claims, calling the lawsuit “baseless” and noting Phantom is non-custodial (users bear fund security responsibility).
### Rabby Wallet (DeFi-focused)
- **2022**: Hacked via a flaw in its Rabby Swap feature, leading to ~$200k in stolen crypto. The issue wasn’t with the extension itself, but the built-in swap tool.
### Key Takeaway
The most common way extension wallets get compromised is via fake downloads. In 2025, multiple such incidents hit the Firefox store, targeting major wallets like MetaMask, Phantom, and Trust Wallet. Direct official vulnerabilities are far rarer.
**Advice**: Only download extension wallets from the official Chrome Web Store to protect your funds.
Relevant content
Iranian President: Key Term to End War is Lebanon Ceasefire
**April 9 (CCTV News) — Iranian President Ebrahim Raisi spoke with Pakistani Prime Minister Imran Khan by phone on April 9.**
Raisi emphasized Iran accepts Pakistan’s ceasefire proposal, despite the U.S. repeatedly violating past commitments and flouting international law. This move reflects Iran’s responsible, firm stance, he said, adding regional and global nations should seize this opportunity to pressure the aggressor and prevent a repeat of past mistakes.
He stressed Iran’s position hinges on the other party’s genuine commitment to negotiation principles and fulfillment of its obligations. Raisi also condemned multiple ceasefire violations—including an attack on Iran’s Lavan and Sirri Islands on the morning of April 8—noting Iran will respond resolutely to any aggression.
Additionally, Raisi stated Iran has put forward a 10-point plan framework to end the war, with a key provision being a ceasefire in Lebanon.
1 hours ago
Iranian Foreign Minister Reiterates Israeli Ceasefire as Prerequisite for Comprehensive Ceasefire
April 9: Iranian Foreign Minister says Iran-U.S. ceasefire terms are clear and explicit. The U.S. must choose between a ceasefire or continuing the war through Israel—both cannot happen at the same time. (Wall Street News)
1 hours ago
Israeli Prime Minister: Either through upgrade or through restart of fighting to achieve the goal, ready to return to fighting at any time
April 9 — Israeli Prime Minister Benjamin Netanyahu said Israel has achieved "tremendous accomplishments" that once seemed impossible. He noted more goals remain to be reached, adding the country will either escalate or restart its fight to achieve those objectives. Netanyahu emphasized Israel is ready to return to battle at any time if needed.
1 hours ago
Nasdaq Files Rule Change to Extend BlackRock IBIT and ETHA Transition Period for Conversion to Generic ETF
On March 31, 2026, Nasdaq submitted a rule change that took immediate effect. The modification alters the listing requirements for the BlackRock iShares Bitcoin Trust ETF (IBIT) and iShares Ethereum Trust ETF (ETHA), transitioning them from a specific standard to a generic listing standard. It also extends the original deadline from the first quarter of 2026 to the third quarter, giving sponsor BlackRock additional time to complete the conversion.
1 hours ago
Iran's Revolutionary Guard Corps Says Ready to Strike Israel
April 9
Iran’s Islamic Revolutionary Guard Corps (IRGC) issued a statement saying it will respond in a way that makes “aggressors in this region regret” if Israel does not immediately halt its attacks on Lebanon.
The statement accused Israel of brutally massacring innocent Lebanese people—including children and women—in Beirut shortly after a ceasefire agreement was reached.
Mousavi, commander of the IRGC’s Aerospace Force, also stated that attacking Hezbollah in Lebanon is equivalent to attacking Iran. The IRGC is preparing to “deliver a heavy blow to the aggressors’ brutal crimes,” he added.
(CCTV International News)
1 hours ago
Benjamin Netanyahu is about to make a statement at 01:15
On April 9th, Israel’s Prime Minister’s Office announced that Benjamin Netanyahu will address the media tonight at 8:15 p.m. local time (1:15 a.m. Beijing time today). No Q&A is scheduled. (FX168)
1 hours ago
App Store
Profile
Security
Sign Out
Feeds
Articles
Source
Add to Favorites
Download image
Share x
Copy link
