Cybercriminals exploit Snap Store for "attacks of the future" on cryptocurrency wallets

As part of a recent attack, cybercriminals are exploiting the trust associated with the official Snap Store on Linux to steal the seed phrases of cryptocurrency wallets. This was reported by the head of information security at SlowMist, known by the nickname 23pds.

In this attack, the perpetrators register expired domains linked to developer accounts in the Snap Store. This allows them to discreetly gain control over accounts that have a history and active users.

Subsequently, the fraudsters distribute updates containing malicious code through official channels for software already installed on the victims’ devices.

The compromised applications are disguised as popular cryptocurrency wallets—Exodus, Ledger Live, and Trust Wallet—and prompt users to enter their mnemonic phrases for account recovery, which are then sent to the attackers.

Two domains, "storewise[.]tech" and "vagueentertainment[.]com", have been confirmed as compromised using this method, according to SlowMist.
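As an added example (not code from SlowMist or the Snap Store), the following defender-side check flags installed snaps whose publisher contact sits on one of the two reported domains. It assumes the text comes from `snap info` for the installed snaps, with a `contact:` line per snap and `---` between records, and that the taken-over domain shows up in that field; the function names and sample records are constructed.

```python
import re
from urllib.parse import urlsplit

# Domains named in the article, kept defanged as published and refanged for matching.
REPORTED = {d.replace("[.]", ".") for d in ("storewise[.]tech", "vagueentertainment[.]com")}
# Constructed sample in the shape of `snap info` output; the snap names are invented.
SAMPLE = """\
name:      example-wallet
contact:   mailto:dev@storewise.tech
---
name:      example-notes
contact:   https://support.example.org/help
---
name:      example-player
contact:   https://www.VagueEntertainment.com/contact
"""

def contact_domain(contact):
    """Host part of a contact value: mailto:, bare e-mail address, or URL."""
    value = contact.strip()
    if value.lower().startswith("mailto:"):
        value = value[len("mailto:"):]
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1].split("?", 1)[0]
    return host.strip().rstrip(".").lower()

def parse_snap_info(text):
    """Return (name, contact) per record; records are split on '---' lines."""
    records = []
    for block in re.split(r"(?m)^---\s*$", text):
        fields = {}
        for line in block.splitlines():
            m = re.match(r"([a-z-]+):\s*(.*)$", line)  # top-level keys only
            if m:
                fields.setdefault(m.group(1), m.group(2).strip())
        if "name" in fields:
            records.append((fields["name"], fields.get("contact", "")))
    return records

def flag_snaps(text):
    """Snaps whose contact host is a reported domain or a subdomain of one."""
    pairs = ((n, contact_domain(c)) for n, c in parse_snap_info(text))
    return [(n, h) for n, h in pairs
            if any(h == d or h.endswith("." + d) for d in REPORTED)]

if __name__ == "__main__":
    print(flag_snaps(SAMPLE))
```

A match only covers the two domains reported so far; other publisher domains whose registration has lapsed would need a separate registration lookup.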

The attack vector described by experts reflects a broader shift in cyber threats targeting the cryptocurrency industry. Rather than direct attempts to compromise smart contracts, attackers are increasingly focusing on the infrastructure and software distribution channels, taking advantage of user trust in official sources.

In late December, hackers injected malicious code into an update for Trust Wallet for Chrome. That attack affected 2,520 addresses and resulted in losses of $8.5 million.

It was later revealed that the hack stemmed from a large-scale supply chain attack known as Sha1-Hulud, which was recorded in November. During that incident, hackers gained access to confidential developer information on GitHub and the API key for the Chrome Web Store.

As a reminder, in 2025, hackers stole over $3.4 billion in cryptocurrency, as reported by Chainalysis.