SlowMist has reported a Linux Snap Store attack on Crypto Wallet apps



Blockchain security company SlowMist has identified a new Linux-based attack vector that uses trusted apps distributed through the Snap Store to steal users' crypto recovery seed phrases.

According to an X post by SlowMist's chief information security officer, 23pds, attackers are using expired domains to hijack long-standing Snap Store publisher accounts and distribute malicious updates through official channels.

The hacked apps are said to impersonate popular crypto wallets using interfaces that closely resemble legitimate software, including Exsoft, Ledger Live and TrustWallet.

Once installed or updated, the malicious application asks users to enter their wallet recovery phrases, allowing attackers to extract the data and withdraw funds without users ever knowing they've been compromised.

Source: 23pds

Attackers use expired domains to hack Snap Store publishers

Snap Store is the official Linux app store used to distribute packaged software in a format called “snap”. It is commonly thought of as the Linux equivalent of the Apple App Store on macOS and the Microsoft Store on Windows.

SlowMist said the attack relies on tracking Snap Store developer accounts whose associated domains have expired but were previously linked to legitimate publishers.

Once a domain expires, attackers can re-register it and use email addresses associated with the domain to reset the Snap Store account credentials.

According to the SlowMist executive, the process allows attackers to quietly take control of established publisher accounts with existing download histories and active users. Malicious code can then be pushed through regular software updates rather than new installations.
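An audit for the condition described above, written from the side of a publisher or store operator. This is an added example, not code from SlowMist or the Snap Store. The record fields, account names and dates are constructed, and the WHOIS creation and expiry dates are assumed to have been collected already.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class PublisherRecord:           # hypothetical inventory row
    account: str                 # publisher account name
    contact_email: str           # address that receives password resets
    account_created: date        # when the publisher account was opened
    domain_created: date         # WHOIS creation date of the email domain
    domain_expires: date         # WHOIS expiry date of the email domain

def assess(rec, today, warn_days=60):
    """Return risk codes for one publisher's recovery-email domain."""
    findings = []
    # A domain "created" after the account that relies on it has lapsed and
    # been registered again, possibly by someone other than the publisher.
    if rec.domain_created > rec.account_created:
        findings.append("re-registered")
    if rec.domain_expires < today:
        findings.append("expired")
    elif rec.domain_expires - today <= timedelta(days=warn_days):
        findings.append("expiring-soon")
    return findings

def audit(records, today, warn_days=60):
    """Map account name -> findings, omitting accounts with none."""
    return {r.account: f for r in records if (f := assess(r, today, warn_days))}

# Constructed sample data; domains are reserved example names.
TODAY = date(2026, 1, 20)
SAMPLE = [
    PublisherRecord("alpha-tools", "dev@example.org", date(2019, 3, 1),
                    date(2015, 6, 10), date(2027, 6, 10)),
    PublisherRecord("beta-wallet", "owner@example.net", date(2018, 5, 4),
                    date(2025, 11, 30), date(2026, 11, 30)),
    PublisherRecord("gamma-utils", "admin@example.com", date(2020, 1, 15),
                    date(2012, 2, 1), date(2026, 2, 1)),
    PublisherRecord("delta-notes", "me@example.edu", date(2017, 8, 9),
                    date(2010, 12, 25), date(2025, 12, 25)),
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, TODAY).items():
        print(f"{account}: {', '.join(findings)}")
```

A "re-registered" finding on an account with recent credential resets or releases is the case that warrants freezing updates until the publisher is re-verified.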

SlowMist has verified that two publisher domains, “storing[.]Tech” and “Recreation[.]com”, were compromised using this attack vector. Applications associated with the accounts were allegedly modified to impersonate well-known crypto wallets.


As crypto exploits become more sophisticated, supply chain attacks grow.

The Snap Store attack vector is consistent with a broader shift in crypto-related threats, with attackers targeting infrastructure and distribution channels rather than smart contract code.

According to CertiK data shared with Cointelegraph in December, total crypto hacking losses will reach $3.3 billion by 2025, although the number of individual incidents will decrease significantly.

According to CertiK, losses were concentrated in a relatively small number of supply chain attacks, with just two cases resulting in losses of $1.45 billion.

The trend shows that as protocol-level security improves, attackers are moving to higher-impact methods that exploit trust relationships, software updates, and third-party infrastructure.
