Full Suite Waitlist

We're building something bigger.

The Telegram bot was just the start. We're now building a full suite of DeFi safety tools: real-time alerts, portfolio risk monitoring, and deeper protocol analysis.

Want early access? Sign up here: https://forms.gle/wdtdrmACnW5t4uST8

Your feedback shapes what we build next.

Welcome to DeFi Due Diligence

$8.5 million drained from Trust Wallet users right before Christmas.

3,000 wallets. Gone.

And while that was happening, hundreds more wallets across EVM chains started draining too — root cause still unknown.

Welcome to 2026. The hackers didn't take a holiday.

This week: what happened, who's getting compensated, and what you need to check right now.

Breaking: Wallet Drains Hit Thousands

The Trust Wallet Hack (Christmas 2025)

This one has a name: "Shai-Hulud." A supply chain attack that hit Trust Wallet's browser extension.

Here's how it worked:

  1. Attackers got hold of a leaked Chrome Web Store API key

  2. Used it to push a malicious update to Trust Wallet's browser extension (version 2.68.0)

  3. The update contained JavaScript that quietly exfiltrated wallet data

  4. Within days: $7-8.5 million gone from ~3,000 wallets

The good news: Trust Wallet acknowledged the breach and is reimbursing affected users.

The bad news: If you used the browser extension around Christmas, your wallet may already be compromised. Even if nothing's been drained yet.

What To Do Right Now

If You Used Trust Wallet Browser Extension

  1. Check if your wallet was affected. Trust Wallet is reaching out to victims

  2. Move remaining funds to a fresh wallet immediately

  3. Don't use the same seed phrase. Generate a new one

  4. Apply for reimbursement through Trust Wallet's official channels

  5. Watch for phishing. Scammers are already impersonating Trust Wallet "support"

For Everyone Else (The Cross-Chain Drain)

  1. Revoke old approvals. Go to revoke.cash and check every chain you've used. That random DeFi protocol you tried 8 months ago? Revoke it.

  2. Check your wallet activity. Look for any transactions you don't recognize across all EVM chains (Ethereum, Arbitrum, Polygon, BSC, etc.)

  3. If anything looks suspicious: Move funds to a new wallet. Not later. Now.

  4. Stop using browser extension wallets for large amounts. Hardware wallet or nothing for serious holdings.

The pattern is clear: browser extensions are attack vectors. The convenience isn't worth the risk.
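Here's what the approval check from steps 1 and 2 above looks like in code. This is an added example, not part of the original newsletter and not any tool's own code: it rebuilds a wallet's outstanding ERC-20 allowances from Approval event logs and lists the spenders holding unlimited ones. It assumes logs in the JSON shape returned by `eth_getLogs`; the function names, addresses and sample logs are hypothetical and constructed for illustration.

```python
# Added example; every address and log entry here is constructed sample data.
# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # dapps usually request 2**256 - 1; treat the top half as unlimited


def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()


def outstanding_allowances(logs, owner):
    """Latest non-zero allowance per (token, spender); logs use eth_getLogs hex JSON."""
    state = {}
    chain_order = lambda entry: (int(entry["blockNumber"], 16), int(entry["logIndex"], 16))
    for log in sorted(logs, key=chain_order):
        topics = log["topics"]
        # ERC-20 Approval has exactly 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        # The latest event wins; a later approval of 0 is a revocation.
        state[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {pair: amount for pair, amount in state.items() if amount > 0}


def unlimited_spenders(allowances):
    # Spenders holding an effectively unlimited allowance: revoke these first.
    return sorted({s for (_, s), amount in allowances.items() if amount >= UNLIMITED})


def make_log(token, owner, spender, amount, block, index):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}


OWNER, OTHER, OLD_PROTOCOL, DEX = ("0x" + b * 20 for b in ("aa", "ab", "bb", "cc"))
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOGS = [  # deliberately out of chain order
    make_log(TOKEN_A, OWNER, DEX, 0, 150, 1),                    # revocation
    make_log(TOKEN_A, OWNER, OLD_PROTOCOL, 2**256 - 1, 100, 0),  # forgotten unlimited approval
    make_log(TOKEN_A, OWNER, DEX, 500, 120, 3),
    make_log(TOKEN_B, OWNER, DEX, 1000, 160, 0),
    make_log(TOKEN_B, OTHER, OLD_PROTOCOL, 2**256 - 1, 170, 0),  # different owner, ignored
]
print(unlimited_spenders(outstanding_allowances(SAMPLE_LOGS, OWNER)))
```

Event history only shows the last amount approved. Spending through `transferFrom` can lower an allowance without a new Approval event, so confirm anything this flags against the token's `allowance(owner, spender)` call before treating it as live.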

Hot Take: The Bitfinex Hacker Paradox

While we're talking about crypto crime, let's talk about consequences.

Ilya Lichtenstein, the guy who hacked Bitfinex in 2016 and stole 120,000 Bitcoin, just walked out of prison.

After 14 months.

Let that sink in.

In 2016, that Bitcoin was worth ~$70 million. Today? $10.8 billion.

He was sentenced to 5 years. Released early under the First Step Act. His wife Heather Morgan (yes, "Razzlekhan," the cringe rapper from the Netflix doc) is reportedly still in custody.

The math:

  • Stole: $10.8 billion (current value)

  • Time served: 14 months

  • Per month: ~$771 million worth of stolen Bitcoin

Here's the thing: there WAS justice here. He got caught. He went to prison. The funds were recovered. That's more than most victims ever see.

But it's messy. The sentences feel inconsistent. Some rug pullers walk free. Some hackers get Netflix docs.

I've been in this space for over 10 years. The justice system for crypto is still being built. It's imperfect, inconsistent, and often frustrating. But it IS evolving.

The takeaway isn't "crypto has no justice." It's that we're still figuring it out. And until we do, your best protection is still your own due diligence.

Before you ape into the next protocol, check the risk score first.

Ser is it safe? gives you a 0-100 risk score in under 5 seconds. Contract analysis, TVL changes, audit status, red flags. All in one Telegram message.

Free. No signup. Just ask.

Try it: @serisitsafebot

Quick Hits

Shai-Hulud is spreading beyond wallets. The same supply chain attack that hit Trust Wallet? It's not done. 28,000+ infected GitHub repos and counting, growing at 1,000 per hour. Even major projects like Postman and PostHog got compromised. The attack exploits leaked API keys to inject malicious code into legitimate packages. If you're a developer, audit your dependencies. If you're not a developer, this is why "just install this extension" advice is dangerous.

UK crypto tax reporting goes live in 2026. New requirements mean UK crypto platforms must report customer transactions directly to HMRC. This includes exchanges, DeFi platforms, and any service touching UK customers. If you've been... creative... with your tax reporting, this is your heads up. The era of "crypto is too complicated for HMRC to track" is ending.

Paradex DEX under fire. Accusations of trading against customers and opaque delisting practices are piling up. Users report positions being liquidated under suspicious circumstances. Another reminder: "decentralized" doesn't always mean "trustworthy." Just because there's no central company doesn't mean there's no one who can rug you. DYOR before you deposit.

The Bottom Line

Old breaches have long tails.

The Trust Wallet hack happened in December. The cross-chain drains are exploiting approvals you signed months ago. The Bitfinex hack was 2016 and we're still talking about it.

Your past decisions catch up. That browser extension you installed. That approval you forgot to revoke. That protocol you tested once and never thought about again. Every signature you've ever made is a potential attack surface.

This is the uncomfortable truth about DeFi security: you can't just "be careful" in the moment. You have to maintain security hygiene over time. One lapse from six months ago can drain you today.

2026 security checklist:

  • Revoke old approvals weekly (revoke.cash)

  • Move serious money to hardware wallets

  • Stop using browser extension wallets for anything important

  • Check your wallets across ALL chains regularly

  • Treat every signature like it's permanent (because it is)

Stay paranoid. It's the only way.

Questions? Reply to this email. I read everything.

Want to check a protocol before you ape? @serisitsafebot

Don't get got.

Anson

P.S. Know someone who's still using browser extension wallets for their life savings? Forward this to them.

P.P.S. If you're building something that handles user funds and want a second opinion on security architecture, reply. I've seen enough post-mortems.
