PANews reported on December 26th that, according to SlowMist's CISO, the Trust Wallet security incident may have originated from an attack on developer devices or a code repository, and users are still experiencing theft. Users of affected wallet versions are advised to immediately disconnect from the internet and prioritize exporting and transferring assets using their mnemonic phrases to avoid being compromised by malicious code once connected to the internet. Always complete asset transfer before upgrading your wallet.

BlockBeats news, December 26, according to monitoring by HyperInsight and Coinglass, due to a short-term 3% surge in BTC, the largest single liquidation across the entire network in the past 24 hours reached $14.14 million, which was a BTC short position from the address starting with 0xa8e on Hyperliquid. In the past hour, this address's 40x leveraged BTC short position was liquidated twice in large amounts, totaling approximately $17.63 million, with the largest single liquidation being 160 BTC, equivalent to about $14.14 million.After being fully liquidated, the address immediately opened another BTC short position with 40x leverage, with a position size of about $7.1 million, an average opening price of $89,040, and a liquidation price of $89,820. Previously, on December 19, this address was the largest BTC short position on Hyperliquid.

BlockBeats news, December 26, Binance founder CZ posted on social media stating, 'As of now, the Trust Wallet hack has resulted in a total loss of approximately $7 million. Trust Wallet will fully cover the related losses, and user funds are secure. The team is still investigating how the hacker successfully submitted and released a new browser extension version.'

PANews reported on December 26th that, according to PeckShield, the attack on Trust Wallet browser extension version 2.68 has resulted in the theft of over $6 million in crypto assets. Approximately $2.8 million remains in the attacker's address, while over $4 million has been transferred to multiple centralized exchanges (CEXs). Specifically, approximately $3.3 million flowed into ChangeNOW, approximately $340,000 into FixedFloat, and approximately $447,000 into KuCoin. Trust Wallet has urged users to immediately stop using this version.

BlockBeats news, December 26, according to PeckShield monitoring, the hacker in the Trust Wallet exploit incident has stolen over $6 million in crypto assets from victims.Currently, about $2.8 million of the stolen funds remain in the hacker's wallet (Bitcoin / EVM / Solana), while over $4 million in crypto assets have been transferred to centralized exchanges, specifically including: approximately $3.3 million to ChangeNOW, about $340,000 to FixedFloat, and around $447,000 to Kucoin.

PANews reported on December 26 that, according to the Aave Governance Forum, the ARFC proposal to formally transfer Aave brand assets (domain names, social media accounts, naming rights, etc.) to DAO control concluded its voting on December 26 and ultimately failed to pass. The proposal received 994,800 votes against (55.29%), only 63,000 votes in favor, and 41.21% abstained. The proposal aimed to address the current risks of brand assets being controlled by third parties and sought to clarify ownership and use through a DAO legal structure.

BlockBeats news, December 26, according to official information, the Hyperliquid Foundation announced that HYPE tokens in the aid fund system address have been officially burned, accounting for 11.068% of the circulating supply. This governance vote adopted a consensus mechanism calculated based on staking weight, with the result being 85% of staked votes in favor of the burn; 7% against; 8% abstained.

BlockBeats news, on December 26, Chinese crypto analyst Ban Muxia stated on social media, "It is no longer appropriate to be firmly bullish on Bitcoin at present, but there is no need to be excessively bearish over the next 1-2 months. A wave of adjustment may occur around March or April next year. If ETF funds experience significant outflows, a sharp decline could happen, with Bitcoin possibly falling below $80,500 or even dropping to $71,000, but this is a low-probability event. Currently, Bitcoin's volatility has narrowed to an extreme, and a direction will soon emerge."

BlockBeats news, on December 26, this morning, Trust Wallet, the non-custodial crypto wallet with the largest user base, officially issued a security alert, confirming a security vulnerability in the browser extension version 2.68. On-chain detective ZachXBT disclosed that hundreds of Trust Wallet users have had their funds stolen, with losses amounting to at least $6 million. Trust Wallet has accumulated over 200 million downloads, with approximately 17 million monthly active users, holding about 35% of the market share, making this security incident widely impactful. A review of security incidents encountered by several mainstream browser extensions is as follows:In November 2022, the Trust Wallet browser extension was also found to have a WebAssembly vulnerability, affecting only new wallet addresses created between November 14 and 23, 2022. This led to the theft of approximately $170,000 in funds. Trust Wallet identified the issue through its bug bounty program, fixed the vulnerability, and fully compensated the affected users.In 2022, MetaMask experienced the "Demonic" vulnerability, affecting older versions prior to 10.11.3, where private keys could be exposed in browser memory, but no known large-scale fund losses occurred. From 2023 to 2025, the official MetaMask wallet extension operated securely, but was frequently affected by counterfeit extensions. A Chainalysis report indicated a surge in abnormal theft incidents among MetaMask users in 2025, primarily due to counterfeit malware and phishing, rather than the security of the extension wallet itself. MetaMask has been releasing monthly security reports, but as a popular Ethereum extension wallet, it remains a primary target for counterfeiting.Phantom (the main Solana wallet extension) was also affected by the "Demonic" vulnerability in 2022, but similarly, no known large-scale fund losses occurred. In early 2025, a security controversy involving the Phantom wallet extension emerged, where a user lost $500,000, attributed to private keys being stored unencrypted in memory by Phantom, leading to a hacker attack, and a class-action lawsuit was filed in the Southern District of New York. Phantom officially issued a statement strongly denying all allegations, calling the lawsuit "baseless," and emphasized that Phantom is a non-custodial wallet, with responsibility for fund security resting with the user.In 2022, Rabby Wallet (a DeFi-friendly extension) suffered a hack that stole approximately $200,000 in crypto assets due to a Rabby Swap vulnerability, which originated not from the extension itself but from the built-in Swap feature.The most common method of theft for browser extension wallets is through counterfeit app downloads, with multiple such incidents concentrated in the Firefox store in 2025, affecting mainstream crypto extension wallets like MetaMask, Phantom, and Trust Wallet. In contrast, direct official vulnerabilities in extensions are relatively rare. It is recommended that users download only from the official Chrome Web Store to ensure fund security.

PANews reported on December 26th that, according to Ember, a whale that previously opened a long position with $230 million added 210,000 SOL (approximately $25.2 million) in the early hours of today after holding the position for a week without making any moves. Currently, its total long position is worth $740 million, with a floating loss of $58.96 million. Specifically, this includes: 203,000 ETH ($590 million), opened at $3,147, with a floating loss of $49.39 million; 1,000 BTC ($87.17 million), opened at $91,506, with a floating loss of $4.33 million; and 511,000 SOL ($61.36 million), opened at $130.1, with a floating loss of $5.24 million.