Binance's Trust Wallet extension hacked; users lose $7M

https://www.web3isgoinggreat.com/?id=trust-wallet-hack

55•ilamont•2h ago

Comments

addams•1h ago

One of CZ's tweets hints at an insider threat, but Trust Wallet was one of the GitHub organizations pwned by Sha1 Hulud. What are the odds this is a fallout of that?

gigatexal•1h ago

I can’t have any more schadenfreude than I have now

3eb7988a1663•32m ago

That is a great domain name.

wyldfire•31m ago

I love the concept of cryptocoins. But in practice, there are some enormous hazards that make it not worthwhile IMO. This is just one such hazard, but by now we've seen several flavors of "this custody/storage mechanism failed to securely store some wealth." If securing it yourself, it's so easy to mishandle and either destroy your wealth or have it stolen. If delegating it to an "expert" you risk the custodial agent falling victim to theft/exit scam/ineptitude. Does any third party insure these agents?

Having a government-insured bank deposit means that I've never had to think about this in my lifetime. It's a problem that I don't need.

sunshine-o•7m ago

I believe the Achilles' heel of Web3 is really that is was built on Web1&2.

Whatever opinion you might have about this industry, the core work is done by the Ethereum folks and it is pretty admirable. They have been progressing for 10 years in a system where any mistake can collapse the entire system.

But ultimately those wallets and Web3 apps are built with web technologies and run in a browser and this is just not made for this.

This hack was targeting seed phases or private key because the keys have to be stored in the browser extension. How insane is that? But there isn't really any other ways to do it within the framework of a web browser.

Ultimately if the extension or web app is compromised an hardware wallet cannot really ultimately protect you (at least you would only be compromised when interacting with it).

Ethereum also now built in the secp256r1 signature checker so passkey/yubikey can be used but, same problem the "web" is the weak link.

Bottom line if they want that thing to succeed they will have to create a way to interact with smart contracts outside of the web browser. Maybe it will take building a simpler "dapp browser". Their apps are pretty basic in the end, a TUI would be enough to swap a token and approve a transaction...

Download AI Generated Fonts

Stop Claude Code from forgetting everything

The Late Arrival of 16-Bit CP/M – By Nemanja Trifunovic

San Francisco Identities

Information, complexity, brains and reality (Kolmogorov Manifesto) (2007)

AI Employees Don't Pay Taxes

Of Trees, Tenderness, and the Moon: Hasui Kawase's Woodblock Prints

NYC slices now more expensive than subway fare

LLMs, LoRA, and Slerp Shape Representational Geometry of Embeddings

Show HN: Revertly – version control for Shopify products

Growing Up in "404 Not Found" (Part II): The Vanishing Nuclear City

Hijacking AI coding assistants with prompt injection

ManusAI Joins Meta

Manus Joins Meta: Accelerating AI Innovation for Businesses

Rep Ro Khanna faces Silicon Valley backlash after embracing wealth tax

No Strcpy Either

I spent my 27th birthday yesterday coding to solve my own frustration

OpenAI faces a make-or-break year in 2026

Pre-Emphasis on Audio CDs

39C3 – All my Deutschlandtickets gone: Fraud at an industrial scale [video]

Show HN: HN-Brief – Catch up on the top stories in 5 minutes

Rethinking the Cost of Distributed Caches for Datacenter Services

Why Israel's recognition of Somaliland as an independent state is controversial

A veterinarian in Ukraine keeps birds safe from the war

A scalable pattern for Dagger in monorepos

What investors will expect from tech startups in 2026

The Unreported Story of Grid Scale Battery Fires

Before Your Doctor Uses AI to Record Your Visits, Ask These Questions

Inlining

I built a free Chrome extension security scanner now Fortune 500 teams use it