Hundreds of Wallets Drained Across EVM Chains as Attack Remains Unexplained

Hundreds of crypto wallets across EVM-compatible chains have been drained in an ongoing attack, with investigators yet to identify the root cause or point of compromise.

By Julia Sakovich

Hundreds of cryptocurrency wallets across Ethereum Virtual Machine-compatible blockchains have been drained in an ongoing attack that has yet to be fully understood, according to onchain investigator ZachXBT. The incident involves a large number of wallets losing relatively small amounts, typically less than $2,000 each, but the aggregate losses continue to climb as new cases emerge.

As of the latest update shared by ZachXBT, total losses were estimated at roughly $107,000, with the figure expected to rise. The attacker appears to be prioritizing scale over individual payout size, a tactic that can delay detection while steadily accumulating funds. At the time of reporting, the initial attack vector had not been identified, leaving open the possibility of further wallet compromises.

Unclear Entry Point Raises Broader Security Concerns

The lack of clarity around how the wallets are being accessed has raised concerns among security researchers and infrastructure providers. ZachXBT noted that the attacker’s point of entry remains unknown, suggesting the issue could stem from compromised private keys, malicious approvals, phishing campaigns, or vulnerabilities in third-party tooling rather than a single protocol-level flaw.

A suspicious address associated with the activity has been flagged, though no attribution has been confirmed. Without a clearly identified exploit mechanism, wallet providers and users face difficulty implementing targeted defenses, increasing the risk of continued losses. The incident underscores the fragmented security landscape across EVM chains, where shared standards coexist with a wide array of wallet software, extensions, and signing practices.

The episode also highlights a recurring challenge for retail users. Even modest individual losses can be financially and psychologically significant, particularly when assets are irrecoverable and transactions are irreversible. For institutions, such events reinforce the need for stricter custody controls, hardware isolation, and transaction monitoring.

Part of a Wider Pattern of Crypto Exploits

The wallet-draining campaign comes amid a broader wave of crypto-related security incidents, though recent data suggests overall losses have moderated. According to blockchain security firm PeckShield, December recorded around 26 major exploits with total losses of approximately $76 million, a sharp decline from nearly $195 million reported in November.

One of December’s most notable incidents involved Trust Wallet, where a vulnerability linked to a specific version of its browser extension led to roughly $7 million in losses. The firm has since initiated a compensation process and released an updated version of the extension. Trust Wallet’s management said the extension was temporarily unavailable on the Chrome Web Store due to a platform-side issue during the update process.

From a macro perspective, the persistence of wallet-level attacks reflects growing adversarial pressure as crypto adoption expands. While protocol security has improved, attackers increasingly target end users and off-chain infrastructure, where defenses are uneven. For the industry, the current incident serves as another reminder that usability gains often come with new security trade-offs, and that vigilance remains essential as activity across EVM chains continues to grow.
