**SlowMist Flags Linux Snap Store Attack Targeting Crypto Seed Phrases**

Blockchain security company SlowMist has discovered a new attack vector that compromises long-standing users of Snap Store, the popular Linux app store. The attackers have hijacked trusted publisher accounts via expired domains, allowing malicious wallet updates to reach the systems of unsuspecting users.

According to a recent post on X by 23pds, SlowMist's chief information security officer, the attack relies on exploiting expired domain names linked to legitimate publisher accounts. Once a domain expires, attackers can re-register it and use the associated email addresses to reset account credentials. This process enables them to quietly take control of established publisher accounts with existing download histories and active users.
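
A defender-side check for the takeover path described above, as an added example that is not part of the original article or SlowMist's report: it compares each publisher account's creation date with the RDAP (RFC 9083) registration and expiration events of the account's e-mail domain. The account records, domains, dates and function names are constructed for illustration, and fetching the RDAP data is assumed to happen elsewhere.

```python
from datetime import datetime, timedelta, timezone

def event_date(rdap, action):
    """Date of the first RDAP event with this eventAction, or None."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == action:
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def audit_publisher(account, rdap, now, warn_days=60):
    """Findings for one publisher record, given its e-mail domain's RDAP object."""
    findings = []
    created = datetime.fromisoformat(account["created"]).replace(tzinfo=timezone.utc)
    registered = event_date(rdap, "registration")
    expires = event_date(rdap, "expiration")
    # Registered after the account existed: domain lapsed, reset mail has a new owner.
    if registered and registered > created:
        findings.append("reregistered-after-account-creation")
    if expires is None:
        findings.append("no-expiration-data")
    elif expires <= now:
        findings.append("expired")
    elif expires - now <= timedelta(days=warn_days):
        findings.append("expiring-soon")
    return findings

def rdap_obj(registered, expires):
    # Minimal RDAP-shaped domain object used only to build the sample data.
    return {"events": [
        {"eventAction": "registration", "eventDate": registered + "T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": expires + "T00:00:00Z"},
    ]}

# Constructed sample data: hypothetical accounts, domains and dates.
NOW = datetime(2026, 1, 20, tzinfo=timezone.utc)
ACCOUNTS = [
    {"email": "dev@old-publisher.example", "created": "2018-05-02"},
    {"email": "team@steady-publisher.example", "created": "2019-09-14"},
    {"email": "ops@lapsing-publisher.example", "created": "2020-01-30"},
]
RDAP = {
    "old-publisher.example": rdap_obj("2025-11-20", "2026-11-20"),
    "steady-publisher.example": rdap_obj("2012-06-01", "2027-06-01"),
    "lapsing-publisher.example": rdap_obj("2015-02-10", "2026-02-10"),
}

def audit_all(accounts=ACCOUNTS, rdap=RDAP, now=NOW):
    """Map each account e-mail to its list of findings."""
    return {a["email"]: audit_publisher(a, rdap[a["email"].rsplit("@", 1)[1]], now)
            for a in accounts}
```

An account flagged `reregistered-after-account-creation` is the case the report describes: the recovery address still points at a domain that has since changed hands.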

The compromised applications impersonate popular crypto wallets, including Exodus, Ledger Live, and Trust Wallet, using interfaces that closely resemble legitimate software. Once installed or updated, the malicious apps prompt users to enter wallet recovery phrases, allowing attackers to exfiltrate credentials and drain funds without users realizing they have been compromised.

SlowMist confirmed that two publisher domains, "storewise[.]tech" and "vagueentertainment[.]com," have been compromised using this attack vector. Applications tied to the accounts were reportedly modified to impersonate well-known crypto wallets.

This attack vector highlights a broader trend in crypto-related threats, where attackers are increasingly targeting infrastructure and distribution channels rather than smart-contract code. According to CertiK data shared with Cointelegraph in December, total crypto hack losses reached $3.3 billion in 2022, despite a sharp decline in the number of individual incidents. The losses became concentrated in fewer but more damaging supply-chain attacks, which accounted for $1.45 billion in losses across just two incidents.

As protocol-level security improves, attackers are shifting toward higher-impact tactics that exploit trust relationships, software updates, and third-party infrastructure. This trend suggests a need for increased vigilance among crypto users, developers, and service providers to prevent such attacks from succeeding.
