PANews reported on December 30th that Trust Wallet reported its browser plugin version 2.68 was uploaded to the Chrome Web Store by attackers without internal review. The malicious code could execute transactions and steal wallet data without user authorization. The incident has been confirmed to have affected 2,520 wallet addresses, with total losses estimated at approximately $8.5 million. Preliminary investigations indicate the attack is related to the Sha1-Hulud industry-wide supply chain incident in November. Trust Wallet has rolled back the plugin to a secure version 2.69 and initiated a compensation process for affected users. This incident may serve as a warning about new types of supply chain attacks facing the crypto industry.