A China-linked hacking group posing as a cybersecurity firm has allegedly stolen around $7 million in digital assets through wallet supply-chain attacks targeting users across multiple blockchains.
The group, operating under Wuhan Anshun Technology, reportedly used malicious Electron apps, browser plugins and remote-control tools to extract mnemonic phrases and drain wallets.
A whistleblower claimed the operation stole funds across 37 token types before leaking internal details following a dispute over profit distribution and unpaid compensation.
The attacks allegedly targeted users on networks including Ethereum, BNB Chain and Arbitrum, with funds laundered through fragmented transfers to obscure tracking.
Trust Wallet was among the platforms referenced in the reported activity, highlighting risks tied to widely used self-custody tools and third-party integrations.
The incident has not been officially confirmed by authorities, but reflects a broader pattern of supply-chain vulnerabilities affecting wallet software and extensions.
Industry observers said the case underscores how security risks extend beyond private keys to include software updates, plugins and application layers used to access crypto assets.
At the time of reporting, Ethereum price was $2,319.48.