In a new attack, cybercriminals exploit trust in the official Snap Store on Linux to steal cryptocurrency wallet seed phrases. This was reported by SlowMist's head of information security, known as 23pds.
Linux users beware: A new type of attack has emerged in the Snap Store, where expired domains become hacker backdoors to steal users' crypto assets.
— 23pds (山哥) (@im23pds) January 21, 2026
Modified applications masquerade as well-known crypto wallets like Exodus, Ledger Live, or Trust Wallet, tricking users into entering their "wallet recovery mnemonic," leading to stolen funds. https://t.co/PaHiXCbfUU
In this attack, cybercriminals register expired domains linked to developer accounts in the Snap Store. This allows them to gain control over accounts with a history and active users unnoticed.
Next, the fraudsters send updates through official channels for software already installed on victims' devices, containing malicious code.
The compromised applications disguise themselves as popular crypto wallets—Exodus, Ledger Live, and Trust Wallet—and prompt users to enter a recovery mnemonic phrase, which is then sent to the attackers.
According to SlowMist, two domains have been hacked using this scheme—"storewise[.]tech" and "vagueentertainment[.]com."
The attack vector described by experts reflects a broader shift in cyber threats to the crypto industry. Instead of direct attempts to compromise smart contracts, criminals are increasingly targeting infrastructure and software distribution channels, capitalizing on users' trust in official sources.
In late December, hackers inserted malicious code into an update for Trust Wallet for Chrome. This attack affected 2,520 addresses and resulted in losses of $8.5 million.
It was later revealed that the breach was part of a large-scale supply chain attack, Sha1-Hulud, recorded back in November. Hackers gained access to developers' secret data on GitHub and the API key for the Chrome Web Store.
As a reminder, in 2025, hackers stole over $3.4 billion in cryptocurrencies, according to Chainalysis.