March 18, 2026 ChainGPT

Whistleblower Reveals $7M Wallet Supply‑Chain Heist by China‑Based Fake Security Firm

Headline: Whistleblower exposes alleged $7M wallet supply‑chain heist by China-based group posing as security firm

A hacker group operating under the guise of a cybersecurity company has been accused of stealing roughly $7 million in crypto by exploiting wallet supply chains — and the scheme only came to light after an internal dispute prompted a whistleblower to leak evidence.

According to the leaked account, the group publicly traded as Wuhan Anshun Technology, offering vulnerability research, red‑team services and other security work. Behind the cover, members allegedly ran “gray market” operations that harvested mnemonic phrases and emptied user wallets across multiple chains, including Ethereum, BNB Chain and Arbitrum. One named target in reports is Trust Wallet, along with other Electron‑based desktop clients and browser plugins.

How the operation reportedly worked

- The team is said to have developed automated tools to bulk‑scan mnemonic phrases and identify high‑value portfolios.
- They allegedly exploited supply‑chain flaws in Electron clients and browser extensions, used reverse engineering and remote‑control software to exfiltrate wallet data, then drained funds.
- The leaks claim the campaign affected assets across 37 token types and that proceeds were laundered by splitting funds and routing transfers to obscure trails.

Why it came out: a payout dispute

The leak was reportedly triggered by an internal conflict over profit splits and an unpaid “severance” to one operator. That operator — now the whistleblower — alleges they clashed with the team leader over fairness, then dumped evidence publicly when promised compensation wasn’t delivered. The whistleblower also says they plan to turn themselves in to authorities.

Verification and industry reaction

The allegations have not been independently confirmed and authorities have not publicly disclosed any investigative progress.
Still, commentators say the episode — confirmed or not — highlights a persistent risk: wallet supply chains, plugins and desktop wrappers create attractive attack surfaces, especially for users who rely on “set and forget” self‑custody software.

Practical takeaways for users and institutions

- Treat every component as risky: not just private keys, but updates, extensions and client wrappers.
- Minimize plugin use and avoid untrusted builds; prefer official, signed releases.
- Use hardware wallets and multisig setups for high‑value holdings.
- Perform or require supply‑chain audits, reproducible builds and strict code review for wallet projects.
- Maintain device hygiene: isolate signing devices, keep software updated, and monitor addresses for suspicious activity.

Bottom line

Whether fully verified or still allegations, this case underlines that attackers are increasingly sophisticated — and willing to hide behind fake security brands. For anyone holding crypto, supply‑chain security and disciplined operational hygiene are no longer optional: they’re essential protection.
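
The takeaways about minimizing plugin use and treating extensions as risky can be run as a routine check. The Python script below is an added example, not code from the article or from any wallet project: it walks a Chromium-style extensions directory (`<extension id>/<version>/manifest.json`) and flags extensions that are off an allowlist, differ from a pinned version, or request access to every site. The allowlist format, the function names and the three sample extensions are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that grant an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(extensions_dir, allowlist):
    """Return (ext_id, version, reasons) per extension needing review; allowlist maps id -> pinned version (assumed format)."""
    findings = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = manifest_path.parts[-3]
        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        version = manifest.get("version", "")
        reasons = []
        if ext_id not in allowlist:
            reasons.append("not on allowlist")
        elif allowlist[ext_id] != version:
            reasons.append(f"version {version} differs from pinned {allowlist[ext_id]}")
        # Host access can be declared in three places depending on manifest version.
        hosts = set(manifest.get("host_permissions", []))
        hosts |= {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        for script in manifest.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        if hosts & BROAD_HOSTS:
            reasons.append("can read or modify every site")
        if reasons:
            findings.append((ext_id, version, reasons))
    return findings

def build_sample_profile(root):
    """Constructed sample data: three made-up extensions; returns the pinned allowlist."""
    samples = {
        ("a" * 32, "1.2.0"): {"name": "Wallet", "version": "1.2.0", "host_permissions": ["https://example.org/*"]},
        ("b" * 32, "3.1.0"): {"name": "Wallet 2", "version": "3.1.0", "permissions": ["storage"]},
        ("c" * 32, "0.9.1"): {"name": "Helper", "version": "0.9.1", "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = Path(root) / ext_id / version
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return {"a" * 32: "1.2.0", "b" * 32: "3.0.0"}

def demo():
    with tempfile.TemporaryDirectory() as root:
        return audit_extensions(root, build_sample_profile(root))

if __name__ == "__main__":
    for ext_id, version, reasons in demo():
        print(ext_id, version, "; ".join(reasons))
```

To check installed extensions, pass `audit_extensions` the `Extensions` directory of a browser profile and an allowlist maintained by whoever approves plugins.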