SlowMist’s Cosine states that the Trust Wallet patched version still has not removed PostHog JS, which may pose security risks
According to Deep Tide TechFlow, on December 26, SlowMist's Cosine disclosed that Trust Wallet browser extension version 2.68.0 was injected with malicious code. The attacker implanted PostHog JS to collect users' wallet private information, including mnemonic phrases, and sent the data to a server controlled by the attacker at api.metrics-trustwallet[.]com. Although Trust Wallet has released a fixed version 2.69.0, SlowMist's Cosine pointed out that this version still has not removed the PostHog JS code.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Wintermute founder: Hopes Stani will propose a concrete plan for AAVE and Labs value capture next year
BSC mainnet Fermi hard fork scheduled to activate on January 14, 2026
BlackRock ETF address deposits approximately $114 million worth of Bitcoin and Ethereum to an exchange
Aave founder clarifies that the $15 million purchase of AAVE tokens was not used for proposal voting
Trending news
MoreCrypto prices
More
