china hacker group theft

A hacker group operating out of Wuhan, China just got exposed — and ironically, it was their own greed that did them in. A dispute over profit-sharing got so bad that a disgruntled team member leaked internal documents, chat logs, and technical manuals to the media. Chaos ensued.

The group, operating under corporate cover names like Wuhan Anshun Technology, Wuhan Anfen, and Wuhan Anxun, had been running a legitimate-looking security business while quietly stealing crypto on the side.

Their operation was sophisticated. They exploited weaknesses in Electron-based wallet clients, reverse-engineered browser plugins to extract security credentials, and installed remote control software to intercept wallet data in real time. The crown jewel of their toolkit was automated bulk-scanning software built specifically to harvest mnemonic phrases — basically the master keys to any crypto wallet. Once users accessed their wallet extensions, malicious code quietly captured their seed phrases. Gone.

Trust Wallet was their primary target. Of the 2,520 compromised wallet addresses identified, Trust Wallet took the hardest hit. The group went after 37 different token types across Ethereum, BNB Chain, and Arbitrum. SlowMist, a blockchain security firm, estimated early losses at 33 BTC plus roughly $3 million across Ethereum and Layer-2 networks. Trust Wallet’s own assessment put total impacted assets at $8.5 million. Experts warned the real number could be even higher.

Moving the money was equally calculated. Stolen funds were split into smaller chunks, shuffled through multiple transactions, and distributed across different blockchain networks. Classic laundering playbook. Seventeen attacker-controlled addresses were eventually traced, but fragmentation made full recovery painfully complicated.

The group had a clear internal structure — separate teams handling target research, tool development, and asset laundering. This wasn’t some bedroom operation. These people had manuals. Documented procedures. An HR problem, apparently, too. The whistleblower also announced plans to surrender to law enforcement authorities following the fallout. The group’s fake corporate facade allowed them to operate as a legitimate cybersecurity firm while conducting theft operations underneath.

Initial loss estimates hovered around $7 million before climbing higher. The full scope remains murky. Security experts consistently emphasize that storing seed phrases offline is one of the most effective defenses against this type of supply chain attack. What’s clear is that a well-organized criminal enterprise with a fake corporate face ran one of the more alarming crypto supply chain attacks in recent memory. Until they couldn’t split the money without fighting about it.
