Wallet Security News

---

Type

Vulnerability

Severity

Low

Status

Ongoing

Laser fault injection found by Ledger's Donjon security team on the TROPIC01 secure element, used by Trezor Safe 7 devices. This does not amount to a full compromise of Trezor devices.

---

---

Type

Hack

Severity

High

Status

Ongoing

BankrBot reported that several users had their wallets compromised and drained. The root cause and full scope of the breach have not yet been disclosed. Transactions have been disabled as a precautionary measure while the team investigates.

---

---

Type

Data Breach

Severity

Medium

Status

Resolved

Global-e, an independent e-commerce platform used by Ledger.com, experienced unauthorized access to their cloud systems. Personal data including names and contact information of Ledger customers who made purchases through Global-e were improperly accessed. No payment information, account credentials, or passwords were compromised.

---

---

Type

Hack

Severity

Critical

Status

Mitigated

A malicious version of Trust Wallet Browser Extension (v2.68) was published to the Chrome Web Store on December 24, 2025, through a compromised API key. The attack, linked to the industry-wide Sha1-Hulud supply chain incident, affected users who logged in during December 24-26, 2025. Approximately 2,520 wallet addresses were impacted with $8.5M in losses. Trust Wallet has committed to reimbursing all affected users.

---

---

Type

Data Breach

Severity

Critical

Status

Mitigated

Slope Wallet versions 2022-06-24 and later contained user tracking code that leaked users' full seed phrase to the Slope's on-premise Sentry analytics platform.

---