The Trust Wallet Hacker Code Breach: $6M in Cryptocurrency Stolen Through Malicious Extension
A sophisticated attack on Trust Wallet users has resulted in the theft of over $6 million in digital assets, one of the most serious compromises the crypto wallet space has seen. The attack did not exploit a bug: the hacker code was embedded directly in the browser extension's own source, a development that security researchers classify as an Advanced Persistent Threat (APT) operation.
How the Hacker Code Exploited Trust Wallet Users
On December 8, 2025, attackers registered the malicious domain metrics-trustwallet.com. Two weeks later, on December 21-22, security researchers detected the first data exfiltration attempts. The hacker code operated through a deceptively simple yet effective mechanism: whenever a user unlocked the Trust Wallet browser extension (version 2.68), the malicious code read the wallet's encrypted seed phrase and decrypted it with the credential the user had just entered.
The vulnerability wasn’t introduced through a compromised third-party library or dependency—instead, the attackers directly injected malicious code into Trust Wallet’s internal codebase. This distinction is critical: it suggests the threat actors gained access to Trust Wallet’s development infrastructure or deployment systems weeks before the attack became public.
The attack methodology relied on stealing users’ encrypted mnemonic phrases by leveraging the passwords or passkeys they entered when unlocking their wallets. The hacker code would then decrypt these phrases and transmit them to the attacker’s command-and-control server (api.metrics-trustwallet[.]com), giving hackers complete control over compromised wallets.
Inside the Attack: Technical Breakdown of the Malicious Hacker Code
Security researchers from SlowMist conducted a detailed analysis by comparing version 2.67 and version 2.68 of the Trust Wallet extension. The findings revealed precisely how the hacker code functioned at the application level.
The malicious payload iterated through all wallets stored in the extension and issued requests to extract each wallet's encrypted mnemonic phrase. It then decrypted the phrase using the authentication credentials the user had entered during wallet unlock. Because the user had just supplied the correct password, decryption succeeded every time, and the exposed mnemonic phrase was automatically sent to the attacker's server.
The sophistication of this hacker code suggests professional-grade development. Attackers utilized the legitimate PostHogJS analytics library as a cover, redirecting legitimate analytics data to their malicious infrastructure. This technique allowed the hacker code to blend in with normal wallet operations, evading immediate detection.
Dynamic analysis showed that, once decrypted, the mnemonic phrase was embedded in the error message field of outgoing network requests. Error-reporting fields routinely carry free-form text, so a long string there does not stand out in ordinary traffic review, which is why the stolen credentials could traverse the network without raising immediate red flags. Burp Suite traffic analysis confirmed that the stolen recovery phrases were consistently packaged in the errorMessage field before transmission to the attacker's server.
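The exfiltration pattern described above can be caught at the network layer. The following is an added example written for this article, not code from Trust Wallet, SlowMist or PostHog: it runs two heuristics over captured request records, a look-alike host check (a hostname that contains the vendor name but whose registrable domain is not the vendor's, as with metrics-trustwallet.com versus trustwallet.com) and a scan of every errorMessage field for a mnemonic-shaped string. The sample requests, the 12-word phrase, and the assumption that trustwallet.com is the vendor's only legitimate registrable domain are all constructed for the example.

```javascript
// Added example for this article (not code from Trust Wallet, SlowMist or PostHog).
// Two heuristics over captured outbound requests from a browser extension:
//   1. look-alike C2 host: hostname contains the vendor name but its registrable
//      domain is not the vendor's (metrics-trustwallet.com vs trustwallet.com)
//   2. mnemonic-shaped string carried in an "errorMessage" field of a JSON body

const VENDOR_TOKEN = "trustwallet";
const VENDOR_DOMAIN = "trustwallet.com"; // assumption: the vendor's only legitimate registrable domain

// BIP39 mnemonics are 12, 15, 18, 21 or 24 lowercase words of 3 to 8 letters.
// Wordlist membership and checksum are deliberately not checked here.
const MNEMONIC_LENGTHS = new Set([12, 15, 18, 21, 24]);
const WORD_RE = /^[a-z]{3,8}$/;

// Naive registrable domain: the last two labels. Enough for .com; a public-suffix
// list is needed to handle suffixes such as co.uk correctly.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".").filter(Boolean);
  return labels.slice(-2).join(".");
}

function isLookalikeHost(host) {
  const h = host.toLowerCase();
  return h.includes(VENDOR_TOKEN) && registrableDomain(h) !== VENDOR_DOMAIN;
}

function looksLikeMnemonic(value) {
  if (typeof value !== "string") return false;
  const words = value.trim().split(/\s+/);
  return MNEMONIC_LENGTHS.has(words.length) && words.every((w) => WORD_RE.test(w));
}

// Recursively collect JSON paths of errorMessage fields whose value is mnemonic-shaped.
function findMnemonicFields(node, jsonPath = "$", out = []) {
  if (node && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const p = `${jsonPath}.${key}`;
      if (key === "errorMessage" && looksLikeMnemonic(value)) out.push(p);
      findMnemonicFields(value, p, out);
    }
  }
  return out;
}

// A request record is { host, path, body } with body as the raw JSON string.
function analyzeRequest(req) {
  const findings = [];
  if (isLookalikeHost(req.host)) findings.push(`lookalike-host:${req.host}`);
  let parsed = null;
  try {
    parsed = JSON.parse(req.body);
  } catch {
    // non-JSON body: only the host heuristic applies
  }
  for (const p of findMnemonicFields(parsed)) findings.push(`mnemonic-in-field:${p}`);
  return findings;
}

// Returns only the requests that triggered at least one finding.
function analyzeLog(requests) {
  return requests
    .map((r) => ({ host: r.host, path: r.path, findings: analyzeRequest(r) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample traffic (not a real capture). The 12 words are ordinary
// English words chosen to fit the shape, not a real or valid seed phrase.
const SAMPLE_REQUESTS = [
  {
    host: "api.metrics-trustwallet.com",
    path: "/e/",
    body: JSON.stringify({
      event: "$exception",
      properties: {
        errorMessage: "apple banana cherry dragon eagle falcon grape honey island jungle kiwi lemon",
      },
    }),
  },
  {
    host: "api.trustwallet.com",
    path: "/v1/prices",
    body: JSON.stringify({ symbols: ["ETH", "BTC"] }),
  },
  {
    host: "eu.i.posthog.com",
    path: "/e/",
    body: JSON.stringify({
      event: "$exception",
      properties: { errorMessage: "Network request failed" },
    }),
  },
];

console.log(JSON.stringify(analyzeLog(SAMPLE_REQUESTS), null, 2));
```

Only the first sample request is flagged, with both findings. The host heuristic is the stronger signal: an attacker who controls the build can just as easily encode or encrypt the exfiltrated field, so a real detector should validate the word shape against the BIP39 wordlist and checksum to cut false positives, but should never rely on the field check alone.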
Tracking the Stolen Assets and Attacker Infrastructure
According to data disclosed by security researcher zachxbt, the heist resulted in substantial losses across multiple blockchains.
Post-theft analysis shows that attackers immediately began moving and exchanging stolen assets through decentralized bridges and multiple centralized exchanges, likely attempting to obscure the origin of funds and complicate recovery efforts.
The malicious domain itself was registered on December 8, 2025, at 02:28:18 UTC through the domain registrar NICENIC INTERNATIONAL. The two-week interval between domain registration and the first observed data exfiltration attempts strongly suggests a carefully coordinated operation: the hacker code was not hastily deployed but was part of a well-planned campaign.
Immediate Actions: Protecting Your Wallet from Similar Code-Based Attacks
Trust Wallet’s development team confirmed the vulnerability in version 2.68 and released an urgent security advisory. The official response included these critical directives:
If you use Trust Wallet’s browser extension:
Disconnect from the internet immediately—this should be your first step before taking any troubleshooting action. Remaining connected while your wallet is potentially compromised increases the risk of complete asset loss.
Export your private keys or mnemonic phrases while offline, then uninstall the Trust Wallet extension immediately. Do not re-enable version 2.68 under any circumstances.
Upgrade to version 2.69 only after moving your funds to a completely new, secure wallet (either a different wallet application, a hardware wallet, or a fresh account with a newly generated recovery phrase).
Transfer all funds to a new wallet address as soon as safely possible. Any cryptocurrency remaining in wallets previously accessed through the compromised version 2.68 should be considered at risk.
The hacker code affects every user who unlocked a wallet while version 2.68 was installed, not only those who actively sent transactions: the malicious payload executes automatically on wallet unlock and requires no further user action.
Why This Was an APT-Level Hacker Code Threat
Security analysts classify this attack as a sophisticated Advanced Persistent Threat (APT) for several compelling reasons. First, the scope and coordination suggest professional threat actors, not opportunistic hackers. Second, the attacker’s apparent access to Trust Wallet’s development or deployment systems indicates a targeted compromise of infrastructure, not just the public-facing wallet application.
The precision of the hacker code (its ability to hook the wallet unlock path, decrypt secured phrases, and exfiltrate data through legitimate-looking analytics requests) demonstrates advanced technical capabilities. The two-week gap between domain registration and the first observed exfiltration suggests careful planning and reconnaissance.
This incident serves as a stark reminder that even established, well-resourced projects can fall victim to sophisticated supply chain attacks. The hacker code was positioned not as an external threat but as part of the legitimate application itself, making detection extraordinarily difficult for end users until security researchers flagged the anomaly.
Critical reminder: Users should assume that any cryptocurrency stored in wallets previously connected to Trust Wallet version 2.68 is now at risk, and immediate migration to secure alternatives is essential.