
The Trust Wallet Supply Chain Attack: How a Fake Chinese Security Firm Weaponized Browser Extensions to Steal $7M in Crypto
On March 17, 2026, the crypto world learned something unsettling: a Chinese hacker group operating as a legitimate cybersecurity company had been systematically stealing cryptocurrency through browser extension supply chain attacks. The group, operating under the name Wuhan Anshun Technology, was only exposed because of an internal dispute over profit splits.

The result: $7 million stolen across 37 token types, 2,600+ wallets drained, and a stark reminder that the biggest threat to self-custody isn't your private key management — it's the software sitting between you and your keys.

The Attack Anatomy

Phase 1: The Corporate Cover

Wuhan Anshun Technology presented itself as a security research firm — vulnerability research, red teaming, security services. The perfect cover for a group that needed access to security tooling, reverse engineering capabilities, and deep knowledge of wallet internals.

This mirrors a growing pattern: North Korea's Lazarus Group operates similarly through fro




