Two major cybersecurity incidents shook user confidence in late 2024: $7 million stolen via a compromised Chrome extension at Trust Wallet, and another personal data leak at Ledger. As attacks multiply, the industry is exploring radically different approaches to secure the ecosystem.
On December 24, 2025, an update to Trust Wallet’s Chrome extension (version 2.68) allowed attackers to siphon nearly $7 million across multiple blockchains. The incident, first revealed by on-chain investigator ZachXBT, affected hundreds of users who had imported their recovery phrases into the compromised extension.
According to analyses by PeckShield and SlowMist, the malicious code silently transmitted wallet data to a phishing domain (metrics-trustwallet.com), registered just days before the attack. The stolen funds — approximately $3 million in Bitcoin and over $3 million in Ethereum — were routed through centralized exchanges (ChangeNOW, FixedFloat, KuCoin) for laundering.
Eowyn Chen, Trust Wallet’s CEO, confirmed that the malicious extension was published via a compromised Chrome Web Store API key, bypassing internal validation processes. Changpeng Zhao, co-founder of Binance (which owns Trust Wallet), announced full reimbursement for victims while suggesting possible involvement of a “nation-state actor” or insider.
In early January 2026, Ledger informed customers of a new exposure of personal data following a breach at Global-e, its payment processor and e-commerce partner. Compromised information includes names, email addresses, and postal addresses of certain buyers on ledger.com.
Ledger clarified that its internal systems, hardware, and software were not affected. Global-e has no access to recovery phrases (24 words), private keys, or user balances. However, this leak revives concerns: in 2020, a similar breach exposed data from over 270,000 customers, fueling persistent phishing campaigns and “wrench attacks” (targeted physical extortion).
According to an internal Ledger study, social engineering attacks increased by 40% in 2025 compared to 2024, with attackers now exploiting stolen personal data to bypass traditional security measures.
These two incidents, while different in nature, share a common thread: dependence on single points of failure. At Trust Wallet, a single compromised API key was enough to inject malicious code. At Ledger, trust placed in an external vendor exposed customer data.
According to the Chainalysis 2025 report, over $3.4 billion was stolen from the crypto ecosystem this year, with a sharp rise in attacks targeting individual users rather than protocols. CertiK confirms this trend: hackers are moving away from smart contract vulnerabilities to exploit human weaknesses and peripheral entry points.
Facing this reality, the blockchain cybersecurity industry is exploring new approaches to overcome the limitations of the traditional model.
Several major players offer complementary approaches to securing the Web3 ecosystem:
The global leader in smart contract auditing, CertiK has raised $296 million and protects over $300 billion in assets for 3,200 clients. Its Skynet platform offers real-time monitoring, while formal verification tools identify vulnerabilities before deployment. Limitation: auditing remains a point-in-time snapshot that doesn’t cover post-deployment threats or infrastructure attacks.
Hacken and Quantstamp offer recognized audit services, with Proof-of-Reserves for exchanges. Bybit EU, for example, uses Hacken audits for transparency. Limitation: like CertiK, these audits don’t protect against evolving threats or real-time infrastructure compromises.
A radically different approach is emerging with Naoris Protocol, which transforms every connected device into a security validation node. Founded in 2018 by David Carvalho, the protocol deploys a decentralized “Trust Mesh” where devices audit each other in real time, eliminating single points of failure.
Unlike point-in-time audit solutions, Naoris operates via an innovative consensus mechanism called dPoSec (Decentralized Proof of Security), where each node continuously validates the integrity of others. The platform also integrates SWARM AI, a distributed artificial intelligence that coordinates threat responses and instantly distributes defensive updates.
What particularly distinguishes Naoris is its post-quantum infrastructure. While current cryptographic algorithms (RSA, ECC) are vulnerable to future quantum computers, Naoris uses standards aligned with NIST, NATO NCIA, and ETSI (notably Dilithium-5) to ensure long-term resilience. In September 2025, the protocol was cited in a U.S. SEC submission as a reference model for quantum-resistant blockchain infrastructure.
The testnet, launched in January 2025, shows impressive metrics: over 100 million post-quantum transactions processed, 3.3 million wallets, 1 million validator nodes, and 600 million threats neutralized. The project has raised $31 million from investors including Tim Draper and benefits from advisors including former IBM, NATO, and White House officials.
In the Trust Wallet case, a Trust Mesh architecture could have detected the abnormal behavior of the compromised extension (data transmission to an external domain) before funds were drained. Every device in the network could have collectively alerted to the anomaly.
For Ledger, dependence on a single vendor (Global-e) illustrates the limitations of the centralized model. Decentralized validation of third-party system integrity would have reduced the attack surface and limited data exposure.
The distributed “zero-trust” philosophy doesn’t just secure a single point: it makes the entire ecosystem resilient. This approach could apply not only to wallets but also to DeFi platforms, DAOs, and critical governance systems.
The distributed “zero-trust” philosophy doesn’t just secure a single point: it makes the entire ecosystem resilient. This approach could apply not only to wallets but also to DeFi platforms, DAOs, and critical governance systems.
