Cybersecurity Headlines Unleash Protocol hackers drain millions, DarkSpectre campaigns exposed, Shai-Hulud attack led Trust Wallet heist
8 snips
Jan 1, 2026 Hackers recently drained approximately $3.9 million from Unleash Protocol after gaining multi-sig control. Meanwhile, the DarkSpectre campaigns have targeted over 8.8 million users, stealing sensitive meeting data through malicious browser extensions. In a separate incident, a Shai-Hulud-led attack exploited exposed GitHub secrets, resulting in an $8.5 million theft from Trust Wallet. The podcast also touches on Disney's significant settlement over data-privacy violations and addresses new cybersecurity threats affecting various platforms.
AI Snips
Chapters
Transcript
Episode notes
Multi-Sig Compromise Drained Millions
- Unleash Protocol lost administrative control after a multi-sig governance compromise and unauthorized smart contract upgrade.
- Attackers withdrew assets, bridged funds externally, and laundered ~1,337 ETH through Tornado Cash.
Browser Extensions Used For Corporate Espionage
- Koi researchers found Dark Spectre ran three browser-extension campaigns impacting over 8.8 million users across major browsers.
- The campaigns acted as corporate espionage infrastructure, hijacking searches, running ad fraud, and exfiltrating meeting data.
Supply Chain Update Led To Trust Wallet Heist
- Trust Wallet suffered a supply chain attack via Shai Hulud that trojanized its Chrome extension and stole about $8.5 million.
- Attackers abused exposed GitHub secrets to push a malicious update that harvested recovery phrases from ~2,520 wallets.