#WalletSecurityVulnerability Trust Wallet's recent vulnerability incident is worth a close look. The direct loss of $6 million, combined with over 200 million downloads and a 35% market share, indeed has a significant impact. However, from an on-chain data perspective, the real patterns that need vigilance are actually behind the scenes.
A careful comparison of plugin-wallet security incidents over the years shows that official vulnerabilities account for a very small proportion, for example Trust Wallet's WebAssembly vulnerability in 2022 and MetaMask's Demonic vulnerability. These types of direct technical flaws can be traced back to specific versions. Conversely, impersonation software and phishing attacks have become the mainstream threats. The multiple clone extensions that surged in the Firefox Add-ons store in 2025 are typical examples.
This signals to me that the reasons behind user funds being stolen have clearly diversified. One type involves protocol vulnerabilities in the plugins themselves (rare, but losses are concentrated), and the other involves user behavior vulnerabilities (common, dispersed but frequent).
The impact on position allocation is minimal, but wallet selection strategies can be optimized—downloading from the official Chrome Web Store has become a necessary condition, not just a recommendation. Based on this, more attention should be paid to self-custody solutions for large positions and the trade-offs related to cold wallet liquidity.