Tradingview Windows Desktop App has been compromised

[cr197]

I recently downloaded the tradingview.com desktop app from the official website.
This was on 11/01/25.
Nearly one month later on December 3rd, my metamask wallet was cleaned out.

I sent this post to

On Monday, December 22, 2025 at 3:15:21 PM UTC+1 Craig wrote:

    On November 1st, 2025, I downloaded the tradingview desktop app from the official site.
    On December 3rd, 2025, my metamask account was hacked. I lost roughly 4000 dollars.
    Here is the block explorer for the hack: https://polygonscan.com/tx/ 0xc13001e14855946da7717aabb36d d6606f1b9cf84e405306068e79a5eb fbdfea

    What's concerning is that I think someone's compromised your app.
    I still have the existing download file for evidence.

    I was hoping someone could verify whether I'm right or wrong. I'm not trying to spread fud or hate. I've been a member of tradingview.com for years.

    I have a friend who is in development. He is concerned and told me to relay this message:

    "I downloaded the official Tradingview app at their OFFICIAL link(https://tvd-packages. tradingview.com/stable/latest/ win32/TradingView.msix) and it contained malware. Its possible the website is selectively scamming users or one of their developers or hackers had control of their servers temporarily. The website was connected to by an SSL connection, the computer was completely clean. Firefox shows their official download link. Screenshots are provided(here).

    How Tradingviews desktop hacked software tried to hide itself:

    First the software sent the payload and note how the file changed itself within seconds after running it which is shown in the screenshot most likely to hide that it was their software and match the sha hash. Then it pulled from a defunct github after running a sleep command for a few minutes. Then it hijacked the windows Nfservice.dll after downloading 7zip and unlocking an encrypted zip file payload. Then it was a remote access and keylogging trojan to which it waited a month and then hacked into my metamask and stole the funds. I'm reporting this to inform Tradingview and their users so that nobody else loses funds. I'm deeply concerned that Tradingview is selectively scamming users and if their team realizes that this is the case then contact me please if there is any such thing as customer support although based on the one star rating at trustpilot I don't have my hopes up. If the news wishes to pick up this story I'm able to collaborate because it's possible other users can get hacked for millions of dollars. So hopefully I am able to inform people before it's too late.

    Here is the sandbox which I found from almost the identical hack performed on someone who visited a phishing link:

    https://www.joesandbox.com/ analysis/1812426/0/iochtml

    Please note I did NOT visit a phishing link as my Firefox shows that only their official link was visited. I triple checked it to make sure. "

    End quote

    I hope I'm wrong, but at the same time, I don't want this to happen to anyone else if I'm right.

    I will post screenshots of download.

    Respectfully,
    Craig
    Tradingview user since 2014
    Sorry, this post was removed by Reddit’s filters.

[cr197]

security@tradingview.com is giving me the run around.
Be warned if you have tradingview's window desktop app installed recently.

[owlcatz]

I just dowloaded it from here - https://www.tradingview.com/desktop/

Virustotal shows no issues - https://www.virustotal.com/gui/file/f61d0db0d6f4309fab123aa4b54b6da1f57a88d98a721a32134c5e0ef46fa706

Open PS 5.1, modify the path to the msix, then run / paste this script. it will output something like this below (From today's download):

Code:

$Path = '.\TradingView.msix'

$fi  = Get-Item -LiteralPath $Path
$sig = Get-AuthenticodeSignature -LiteralPath $Path

[pscustomobject]@{
    Name           = $fi.Name
    FullName       = $fi.FullName
    LengthBytes    = $fi.Length
    LengthMB       = [math]::Round(($fi.Length / 1MB), 2)
    Created        = $fi.CreationTime
    Modified       = $fi.LastWriteTime
    SHA256         = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    SigStatus      = $sig.Status
    SigStatusMsg   = $sig.StatusMessage

    SigSubject     = $sig.SignerCertificate.Subject
    SigIssuer      = $sig.SignerCertificate.Issuer
    SigThumbprint  = $sig.SignerCertificate.Thumbprint
    SigNotBefore   = $sig.SignerCertificate.NotBefore
    SigNotAfter    = $sig.SignerCertificate.NotAfter

    TimeStamper    = $sig.TimeStamperCertificate.Subject
    TSIssuer       = $sig.TimeStamperCertificate.Issuer
    TSThumbprint   = $sig.TimeStamperCertificate.Thumbprint
    TSNotAfter     = $sig.TimeStamperCertificate.NotAfter
} | Format-List

MY OUTPUT FROM DOWNLOAD TODAY:

Code:

Name          : TradingView.msix
FullName      : C:\Users\me\Downloads\TradingView.msix
LengthBytes   : 150603745
LengthMB      : 143.63
Created       : 1/25/2026 12:18:16 PM
Modified      : 1/25/2026 12:18:16 PM
SHA256        : F61D0DB0D6F4309FAB123AA4B54B6DA1F57A88D98A721A32134C5E0EF46FA706
SigStatus     : Valid
SigStatusMsg  : Signature verified.
SigSubject    : CN="TradingView, Inc.", O="TradingView, Inc.", S=Ohio, C=US
SigIssuer     : CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
SigThumbprint : 080ADCC9152C37F4F4EA6B88FD903DB2D5A3B501
SigNotBefore  : 11/23/2025 7:00:00 PM
SigNotAfter   : 11/23/2028 6:59:59 PM
TimeStamper   : CN=Sectigo Public Time Stamping Signer R36, O=Sectigo Limited, S=West Yorkshire, C=GB
TSIssuer      : CN=Sectigo Public Time Stamping CA R36, O=Sectigo Limited, C=GB
TSThumbprint  : 38C914811044B4DC663E93D4744B814186A9B5B1
TSNotAfter    : 3/21/2036 7:59:59 PM

I gues my point is - Check EVERYTHING. Wipe your computer. start over. Good luck.

[notblox1]

Why didnt you use tradingview in your browser?
This is the reason why I dont like installing any applications on device that is connected with my coins.
It is better to have separate device and use it only for crypto storage, or use offline cold wallets to be safer.

[NotATether]

Why didnt you use tradingview in your browser?
This is the reason why I dont like installing any applications on device that is connected with my coins.
It is better to have separate device and use it only for crypto storage, or use offline cold wallets to be safer.

Or just don't use Windows. That solves about 90% of the problems related to stealers.

[JeromeTash]

What I have always seen are mostly cases of a tradingview account that is linked to an exchange getting compromised but the app itself being a malware or compromised? i highly doubt. Now I am not saying it's not possible but if it ever happened, then lots of funds would have been lost from the so many traders and not just you. And news would be making rounds already.

Stop keeping funds on a computer/device you always use to connect to the internet.