Based Apparel, the merchandise store co-founded by FBI Director Kash Patel before his appointment, has been taken offline after security researchers discovered it was serving malware to steal cryptocurrency wallet credentials.
The site went dark on May 22, 2026, after reports surfaced on X flagging the compromise. The attack specifically targeted macOS users and was capable of siphoning data from more than 200 crypto wallet browser extensions.
Visitors were presented with a fake Cloudflare validation check that tricked them into executing malicious terminal commands. Once inside, the malware harvested browser credentials, session tokens, and sensitive data, with a focus on crypto wallet extensions. MetaMask users reportedly received warnings about malicious transactions connected to their activity on the site.
The malicious payload was flagged by 27 antivirus engines on VirusTotal.
Based Apparel was co-founded by Patel and Andrew Ollis. This is the second security breach tied to Patel in months; an Iran-linked email hack targeted his communications in March 2026.
The number of affected users and potential financial losses remain undisclosed.