Security incidents, vulnerabilities, and data breaches affecting Ethereum wallets
Global-e, an independent e-commerce platform used by Ledger.com, experienced unauthorized access to their cloud systems. Personal data including names and contact information of Ledger customers who made purchases through Global-e were improperly accessed. No payment information, account credentials, or passwords were compromised.
A malicious version of Trust Wallet Browser Extension (v2.68) was published to the Chrome Web Store on December 24, 2025, through a compromised API key. The attack, linked to the industry-wide Sha1-Hulud supply chain incident, affected users who logged in during December 24-26, 2025. Approximately 2,520 wallet addresses were impacted with $8.5M in losses. Trust Wallet has committed to reimbursing all affected users.
Know about a security incident affecting a wallet? Please help by contributing to our repository!
