Chinese Hacker Team Accused of $7 Million Crypto Theft in Supply-Chain Attacks

New allegations say the Wuhan-based group targeted Trust Wallet in a supply-chain attack using Electron vulnerabilities, remote-control tools, plugin reverse engineering, and bulk mnemonic scanning to steal about $7 million.

44d ago

Fact Check

The claim is extensively documented by multiple independent crypto news organizations (BlockBeats, PANews) and corroborated by a clarification from OKX. The reports provide specific details, including the name of the entity (Wuhan Anjun Technology), the whistleblower (Duan Jirui), the specific amount ($7 million), and the technical vectors (Electron vulnerabilities, plugin reverse engineering). The consistency of these details across sources strongly supports the truthfulness of the claim.

Summary

A new report alleged that a Wuhan-based cybercrime team carried out a supply-chain attack on Trust Wallet and stole about $7 million in crypto assets. According to the whistleblower account, the group used Electron vulnerabilities, VShell remote-control tools, reverse engineering of an OKX plugin, and bulk mnemonic scanning tools to extract wallet access data. The case reportedly surfaced after internal disputes over profit sharing and contract payments. The claims remain allegations and were not independently verified in the source material.

Terms & Concepts

Supply-chain attack: A cyberattack that compromises trusted software or services so attackers can reach downstream users through legitimate distribution channels.
Trust Wallet: A self-custody cryptocurrency wallet that lets users store and manage digital assets directly with their own recovery credentials.
Mnemonic: A wallet recovery phrase made up of words that can restore access to crypto funds if the wallet is lost or reinstalled.