SlowMist: Snap Store supply‑chain attack steals wallet seed phrases on Linux

SlowMist has uncovered a Linux-targeted supply-chain attack in the Snap Store in which attackers hijack trusted publisher accounts and push malicious wallet updates that steal recovery seed phrases. The attackers re-registered expired publisher domains (SlowMist confirmed storewise.tech and vagueentertainment.com), used the email addresses linked to those domains to reset Snap developer credentials, and pushed updates to legitimate snaps that impersonate wallets including Exodus, Ledger Live and Trust Wallet. Users who install or update the compromised snaps are prompted to enter their recovery seeds; the attackers then exfiltrate the seeds and drain funds. The technique avoids publishing new apps and leverages normal update flows to evade detection.

SlowMist and industry data note a trend toward fewer, more destructive supply-chain breaches that account for outsized losses in recent years. Traders should treat this as a heightened counterparty and operational risk for self-custodial users on Linux: verify package signatures and publisher integrity, delay nonessential updates, prefer hardware wallets, and maintain on-chain hygiene.
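One way to check the publisher-integrity point for the expired-domain takeover described above, as an added example that is not SlowMist's or the Snap Store's code: flag any snap whose publisher contact domain was registered after the snap was first published. The inventory field names and all sample records are constructed assumptions; the domain records follow the RDAP `events` shape from RFC 9083.

```python
from datetime import datetime, timezone

# Constructed sample data, not real Snap Store or RDAP output. Inventory field
# names (snap, contact, first_published) are hypothetical.
INVENTORY = [
    {"snap": "wallet-a", "contact": "dev@publisher-a.example", "first_published": "2019-03-10"},
    {"snap": "wallet-b", "contact": "team@publisher-b.example", "first_published": "2020-06-01"},
    {"snap": "tool-c", "contact": "https://publisher-c.example/support", "first_published": "2021-01-15"},
]
# Domain records shaped like RDAP responses (RFC 9083 "events" array), constructed.
RDAP = {
    "publisher-a.example": {"events": [{"eventAction": "registration", "eventDate": "2025-11-02T08:00:00Z"}]},
    "publisher-b.example": {"events": [{"eventAction": "registration", "eventDate": "2015-02-20T00:00:00Z"}]},
}

def parse_ts(value):
    """Parse an ISO 8601 date or timestamp into an aware UTC datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def contact_domain(contact):
    """Return the email domain of a contact string, or None if it is not an email."""
    if "@" not in contact or "://" in contact:
        return None
    return contact.rsplit("@", 1)[1].strip().lower().rstrip(".")

def registration_date(record):
    """Return the RDAP 'registration' event time, or None if absent."""
    for event in (record or {}).get("events", []):
        if event.get("eventAction") == "registration":
            return parse_ts(event["eventDate"])
    return None

def audit(inventory, rdap):
    """Map snap name -> 'reregistered', 'ok', or 'unknown' (cannot be checked)."""
    findings = {}
    for item in inventory:
        registered = registration_date(rdap.get(contact_domain(item["contact"])))
        if registered is None:
            findings[item["snap"]] = "unknown"
        # Domain registered after the snap first shipped: it lapsed and was registered anew.
        elif registered > parse_ts(item["first_published"]):
            findings[item["snap"]] = "reregistered"
        else:
            findings[item["snap"]] = "ok"
    return findings

if __name__ == "__main__":
    print(audit(INVENTORY, RDAP))
```

An "ok" verdict only rules out a lapse and fresh registration; a domain that changed hands without expiring keeps its original registration date, and "unknown" entries need a manual look.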
Bearish
This incident raises direct negative risk for assets held in software wallets impersonated or distributed via the Snap Store and increases counterparty and operational risk for self-custodial users on Linux. In the short term, affected wallet projects may see user outflows, reputational damage, and sell pressure as victims liquidate compromised holdings—this is bearish for tokens closely associated with those wallets or projects. Market impact on broad crypto indices should be limited and likely short-lived, but tokens tied to the targeted wallets or Linux-centric ecosystems could underperform until integrity and distribution controls are restored. Longer term, the event reinforces demand for hardware wallets and verified distribution channels; that can be neutral-to-positive for custody/hardware wallet projects but remains negative for software wallet operators that suffer trust erosion. Overall, expect immediate sell-side reactions for exposed assets, heightened volatility, and selective, concentrated downside rather than a market-wide crash.