{"id":18401,"date":"2026-03-18T02:57:22","date_gmt":"2026-03-18T02:57:22","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/03\/18\/china-hacker-group-leaks-7m-crypto-theft-operation-targeting-wallet-supply-chains\/"},"modified":"2026-03-18T02:57:22","modified_gmt":"2026-03-18T02:57:22","slug":"china-hacker-group-leaks-7m-crypto-theft-operation-targeting-wallet-supply-chains","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/03\/18\/china-hacker-group-leaks-7m-crypto-theft-operation-targeting-wallet-supply-chains\/","title":{"rendered":"China hacker group leaks $7M crypto theft operation targeting wallet supply chains"},"content":{"rendered":"<p> <br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/crypto.news\/app\/uploads\/2025\/04\/crypto-news-DeepSeek-China-and-Russia-AI-partnership-option02.webp\" \/><\/p>\n<div>\n<p class=\"is-style-lead\">A hacker group from China posing as a cybersecurity firm has allegedly stolen 7 million dollars via wallet supply\u2011chain attacks, targeting Trust Wallet and other clients before an internal dispute triggered a whistleblower leak.<\/p>\n<div id=\"cn-block-summary-block_2eac3fdeb2ec4db84b98820baf907f4d\" class=\"cn-block-summary\">\n<p>\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/p>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Operating under Wuhan Anshun Technology, the group presented itself as a security outfit while allegedly using Electron apps, browser plugins, and remote\u2011control tools to exfiltrate mnemonics and drain wallets across Ethereum, BNB Chain, Arbitrum and more.<\/li>\n<li>A disgruntled member claims the crew stole about 7 million dollars across 37 token types, then leaked internal details after a fight over profit splits and unpaid \u201cseverance,\u201d saying they now plan to turn themselves in.
<\/li>\n<li>Even as authorities stay quiet, the episode echoes recent supply\u2011chain and extension incidents involving Trust Wallet and others, underscoring that every update, plugin, and wrapper around self\u2011custody wallets is part of the real attack surface.<\/li>\n<\/ul><\/div>\n<\/div>\n<p>A Chinese hacker group posing as a cybersecurity firm has been <a href=\"https:\/\/mp.weixin.qq.com\/s\/hskfopX7w2fjuKcU8a_R_g\" target=\"_blank\" rel=\"nofollow\">exposed<\/a> after an internal dispute led members to leak details of a multimillion\u2011dollar crypto theft operation. According to market reports, the group claims to have stolen around 7 million dollars in digital assets through supply chain attacks, with targets including popular wallet provider Trust Wallet.<a href=\"https:\/\/www.chaincatcher.com\/en\/news\" target=\"_blank\" rel=\"nofollow\"\/><\/p>\n<p>Operating under the corporate front Wuhan Anshun Technology, the group presented itself publicly as a security company focused on vulnerability research, network offense-and-defense exercises, and security services. Internally, however, members were allegedly conducting \u201cgray market\u201d activity, systematically stealing mnemonic phrases and raiding user wallets across multiple chains. The whistleblower says the team built automated tooling to bulk-scan mnemonic phrase assets and to identify high\u2011value portfolios across Ethereum, BNB Chain, Arbitrum and other networks.<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.chaincatcher.com\/en\/news\"\/><\/p>\n<p>Per the leaked account, the group exploited supply chain vulnerabilities in Electron-based clients and browser plugins, combined with reverse engineering and remote-control programs, to exfiltrate wallet data and drain funds. 
The operation allegedly touched 37 different token types across several blockchains, with funds laundered via splitting and transfers to obscure the trail. The immediate trigger for the exposure was an internal fight over profit distribution and unpaid \u201cseverance\u201d to one of the operators.<\/p>\n<p>The whistleblower claims they clashed with the team leader over what they saw as unfair profit splits, then decided to publicly dump evidence after promised compensation was not delivered, stating they intend to turn themselves in to law enforcement. So far, the allegations have not been officially confirmed, and authorities have not publicly detailed any investigation progress. Industry commentators note that, confirmed or not, the episode again underscores the <a href=\"https:\/\/crypto.news\/react-bug-triggers-wallet-draining-attacks-as-hackers-hit-crypto-websites\/\">structural attack<\/a> surface in wallet <a href=\"https:\/\/crypto.news\/the-crypto-trust-crisis-nobody-wants-to-admit-opinion\/\">supply chains<\/a>, plugin ecosystems, and desktop clients\u2014especially for high\u2011value users who treat self\u2011custody software as \u201cset and forget.\u201d<a href=\"https:\/\/www.chaincatcher.com\/en\/news\" target=\"_blank\" rel=\"nofollow\"\/><\/p>\n<p>For retail and institutional users, the lesson is blunt: security risk is not just in private key handling, but in every update, extension, and client wrapper sitting between you and your keys. 
In a market where <a href=\"https:\/\/crypto.news\/trust-wallet-extension-exploit-a-possible-insider-job-victims-to-be-compensated\/\">attackers<\/a> are willing to build fake \u201csecurity companies\u201d as covers, rigorous supply\u2011chain auditing, minimal plugin use, and strict device\u2011level hygiene are no longer best practices\u2014they are baseline survival requirements.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/crypto.news\/china-hacker-group-leaks-7m-crypto-theft-operation-targeting-wallet-supply-chains\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A hacker group from China posing as a cybersecurity firm has allegedly stolen 7 million dollars via wallet supply\u2011chain attacks, targeting Trust Wallet and other clients before an internal dispute triggered a whistleblower leak. Summary Operating under Wuhan Anshun Technology, the group presented itself as a security outfit while allegedly using Electron apps, browser plugins, 
[&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":18402,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[23],"tags":[],"kronos_expire_date":[],"class_list":["post-18401","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=18401"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18401\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media\/18402"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=18401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=18401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=18401"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=18401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}