Based Apparel's Malware Incident Highlights Risks for Crypto Investors

By Patricia Miller

May 23, 2026


Based Apparel was taken offline after malware targeted users, stealing cryptocurrency wallet credentials. Investors should stay vigilant.

# What happened to Based Apparel?

Based Apparel, a merchandise store established by Kash Patel prior to his role as FBI Director, has been taken offline due to security concerns. Security researchers identified that the site delivered malware aimed at stealing cryptocurrency wallet credentials from its visitors.

The shutdown occurred on May 22, 2026, shortly after reports on X highlighted the site's vulnerabilities. The malware primarily targeted macOS users and went after over 200 different crypto wallet browser extensions.

# How did the malware function?

The attack misled users by displaying a deceptive Cloudflare validation check. Instead of verifying that visitors were human, the fake check coerced them into executing harmful terminal commands on their own devices. According to reports, once the malware was running on a system, it rapidly collected browser credentials, session tokens, and other sensitive information. Users of MetaMask, one of the most popular crypto wallets, received alerts about suspicious transactions tied to their engagement with Based Apparel before the site ceased operations.

The payload associated with this attack raised alarms across multiple cybersecurity platforms, being flagged by 27 antivirus engines on VirusTotal.

Kash Patel co-founded Based Apparel alongside Andrew Ollis before assuming his position as FBI Director. This incident marks the second security breach associated with Patel within a few months; in March 2026, his communications were compromised in an email hack linked to Iran. The number of affected users remains undisclosed, it is still unclear which specific cryptocurrencies or protocols were involved, and potential financial losses are unquantified.

# How should investors react?

The focus on over 200 targeted wallet extensions highlights a significant risk for anyone using browser-based wallets. For investors, this situation serves as a critical reminder to carefully audit wallet extensions, verify the authenticity of websites prior to entering credentials, and approach unexpected prompts—especially those mimicking Cloudflare—with skepticism. Taking precautionary steps now can help mitigate potential losses in the future.
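
One way to carry out the wallet-extension audit recommended above, as an added example that is not part of the original article: a Python script that lists every extension installed in Chrome profiles on macOS with its ID, version, resolved display name, and whether it has access to all sites. The Chrome data path and the set of host patterns treated as "broad" are assumptions of this example.

```python
import json
from pathlib import Path

# Assumed default Chrome data directory on macOS; other Chromium browsers use a similar layout.
CHROME_ROOT = Path.home() / "Library/Application Support/Google/Chrome"
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def resolve_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name through _locales/<default_locale>."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder if the locale file is unusable
    for k, v in messages.items():  # message keys are case-insensitive
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name


def audit_extensions(root=CHROME_ROOT):
    """Return one record per installed extension version under every profile."""
    records = []
    for mf in sorted(Path(root).glob("*/Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        hosts = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        hosts.update(manifest.get("host_permissions", []))
        for cs in manifest.get("content_scripts", []):
            hosts.update(cs.get("matches", []))
        records.append({
            "profile": mf.parents[3].name, "id": mf.parents[1].name,
            "version": manifest.get("version", "?"),
            "name": resolve_name(mf.parent, manifest),
            "broad_hosts": bool(hosts & BROAD),
        })
    return records


if __name__ == "__main__":
    for r in audit_extensions():
        print(r["profile"], r["id"], r["version"], r["broad_hosts"], r["name"], sep="\t")
```

Compare each reported ID with the ID in the wallet vendor's official store listing, since a display name alone can be copied by a look-alike extension.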
