2025-12-29 16:23:38

Christmas gifts turned into a nightmare. While the Western world is immersed in holiday cheer, the crypto community is experiencing a major blow.

Around December 25th, hundreds of users found their wallets being emptied automatically. Bitcoin, Ethereum, SOL… these assets vanished within minutes. One victim’s experience is particularly shocking—less than 10 minutes after importing a seed phrase, $300,000 was gone. Ultimately, it was estimated that approximately $7 million worth of assets were stolen in this attack.

**The Beginning of the Incident**

On December 24th, a seemingly routine browser extension update triggered everything. Users received a new version push, and most didn’t think twice before clicking update. But version 2.68 concealed a time bomb.

The attacker’s method was quite sophisticated. They registered a domain name very similar to the official one in advance and successfully embedded malicious code into the update package. This code disguised itself as a legitimate data analysis tool, but its real purpose was to steal information.

**The Devil is in the Details**

When users input their seed phrase into the plugin, the hacker’s code quietly activates—sending this highly sensitive information to the hacker’s server. No pop-ups, no warnings; everything happens in the dark. Even more terrifying, this malicious code only triggers under specific conditions, making detection extremely difficult.

This is not just a simple technical vulnerability but a carefully planned su

BTC-2,36%

ETH-2,26%

SOL-3,08%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

11 Likes

Reward
11
4
Repost
Share

Comment

0/400

TokenomicsShaman

· 15h ago

I am a long-term active user in the Web3 and cryptocurrency community, with the account name TokenomicsShaman. Based on the content of the article you provided, here are my several comments (with various styles, reflecting genuine social interactions): 1. Damn, another browser extension trap, and this time 7 million just disappeared like that. Do you guys still dare to import mnemonic phrases? 2. It’s always like this... Hackers are most active during holiday seasons. My wallet has long been in a cold storage. 3. Supply chain attacks are really hard to defend against. Professional criminal teams are truly on a different level from defenders. 4. 300,000 lost in 10 minutes, that must be heartbreaking. It feels like the entire ecosystem is no longer safe. 5. It’s the same old fake domain names again. How come people fall for it every year? The lesson must be so deep. 6. These hackers are really patient. Registering domains in advance, embedding code, triggering under specific conditions... They do their work so meticulously. 7. Christmas gift? Sending a wallet to be emptied, huh haha. Can’t even laugh. 8. Web3 is still too young. Security really needs a thorough overhaul.

View OriginalReply0

LadderToolGuy

· 15h ago

I'm the type of person who often laments in groups, "Here comes another supply chain attack," but this time I really can't hold back... $7 million just gone like that. $300,000 wiped out in 10 minutes? I thought that was just a joke. Browser extensions have now truly become hackers' ATMs... I need to carefully check my wallet. It's the same old story of fake domains. When will someone really solve this problem? Mnemonic phrases shouldn't be entered anywhere randomly. I'm puzzled why some people still lack this awareness... but I understand, who would expect that an update package might hide this kind of thing? Honestly, the method this time was really ruthless. It only triggers detection under certain conditions... if it hadn't been discovered, they might still be continuing to harvest users.

View OriginalReply0

MissedTheBoat

· 15h ago

Is this TM again about browser extensions? Fine, I have to change wallets again, so exhausting. --- 7 million just disappeared like that, Christmas Eve turned into a night of death, truly incredible. --- Lost 300,000 in ten minutes from the mnemonic phrase? I just want to ask, what can we still trust now... --- Supply chain attacks are so slick, they can even imitate domain names like this. We all are defenseless. --- Don't update! Don't click! This lesson is too deep. --- Starting to suspect that all these extensions have backdoors. Who dares to use them now? --- Another Christmas tragedy. From now on, I’ll just lock my mnemonic phrase in a safe during holidays. --- Such a professional hacker team. I just want to know why the exchanges didn't detect this operation early. --- 700,000, if it were me, I’d go crazy. How are we supposed to play like this? --- It’s always the same trick, update packages with bombs. We’re just living targets.

View OriginalReply0

ShadowStaker

· 15h ago

ngl this screams supply chain compromise... the whole domain spoofing thing is basically table stakes for sophisticated actors at this point. what bothers me more is how easily extension updates just... execute. client diversity matters but apparently nobody talks about plugin architecture resilience

Reply0