
Attacker Drains Hundreds of EVM Wallets in “Wide-Net” Crypto Exploit

An attacker has siphoned funds from hundreds of crypto wallets across Ethereum Virtual Machine (EVM)-compatible networks, draining small amounts from each address in what onchain investigator ZachXBT described as a broad, low-value operation.

Key Takeaways:

  • Hundreds of EVM wallets have been drained in a coordinated, low-value attack, with losses typically below $2,000 per address.
  • Security firms warn the exploit appears automated and may involve phishing emails spoofing MetaMask and malicious browser extensions.
  • The incident echoes recent wallet hacks despite overall crypto exploit losses falling sharply in December.

While individual losses have been limited, typically below $2,000 per wallet, the incident’s scope points to a coordinated campaign rather than an isolated breach.

According to ZachXBT, affected wallets span multiple EVM chains, suggesting the attacker cast a “wide net” to capture modest sums at scale.

Hackless Warns Automated Attack Behind EVM Wallet Drains

Cybersecurity firm Hackless echoed that assessment, warning users that the activity appears automated and urging immediate steps such as revoking smart contract approvals and closely monitoring wallet activity.

Early clues indicate a phishing vector may have played a role. Cybersecurity researcher Vladimir S. said a spoofed email posing as legitimate communication from MetaMask may have lured users into granting approvals or signing malicious transactions.

Screenshots shared on social media showed an email closely mimicking official branding, a tactic designed to lower suspicion and speed up compromise.

The wallet drain may also be linked to a separate incident involving Trust Wallet, which reported a $7 million hack on Christmas Day.

That breach compromised roughly 2,596 wallets and was later tied to a supply-chain attack known as “Sha1-Hulud,” which targeted npm packages widely used by crypto developers.

Trust Wallet’s incident report said leaked developer secrets from GitHub allowed an attacker to modify the wallet’s browser extension and upload a malicious version to the Chrome Web Store.

Industry figures have suggested insider access may have been a factor in the Trust Wallet case.

Blockchain adviser Anndy Lian called the circumstances “not pure,” while Binance co-founder and former CEO Changpeng Zhao said the attack likely required deep knowledge of the wallet’s source code.

Binance, which owns Trust Wallet, said the mobile app was unaffected and committed to reimbursing impacted users.

Whether the two incidents are directly connected remains unconfirmed. Still, the overlap in tactics (browser extensions, phishing, and approval abuse) shows a familiar risk pattern for EVM users.

Crypto Hack Losses Fell 60% in December

As reported, crypto-related losses from hacks and cybersecurity exploits fell sharply in December, dropping 60% month-on-month to about $76 million.

The figure marks a notable decline from November’s $194.2 million, offering a rare pause after months of elevated attack activity across the sector.

PeckShield said December saw 26 major crypto exploits, with a handful of incidents accounting for the bulk of losses. The largest involved a single user who lost $50 million in an address poisoning scam.

In such attacks, threat actors send small transactions from wallet addresses that closely resemble legitimate ones, hoping victims will mistakenly copy or select the fraudulent address during a transfer.
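
A defensive check for the address-poisoning pattern described above, added here as an illustration and not taken from the original article or from any wallet's code. The sample addresses are constructed, and the 4-character prefix/suffix match and the dust threshold are assumptions to tune per wallet.

```python
"""Flag address-poisoning look-alikes in a wallet's incoming transfer history."""

# Constructed sample data (assumption): patterned addresses, not real accounts.
TRUSTED = ["0xa1b2" + "11" * 16 + "c3d4"]
INCOMING = [
    # (sender, value in wei)
    ("0xa1b2" + "ee" * 16 + "c3d4", 0),           # same ends, different middle
    ("0x" + "7f" * 20, 10**18),                   # unrelated sender
    ("0xa1b2" + "11" * 16 + "c3d4", 5 * 10**17),  # the trusted address itself
]

def normalize(addr):
    """Lower-case and validate a 20-byte hex address; checksum casing is ignored."""
    a = addr.lower()
    if len(a) != 42 or not a.startswith("0x"):
        raise ValueError(f"not an EVM address: {addr!r}")
    int(a[2:], 16)  # raises ValueError on non-hex characters
    return a

def lookalike_of(candidate, trusted, prefix=4, suffix=4):
    """Return the trusted address that candidate imitates, or None.

    Interfaces often show only the first and last few hex digits, so a
    different address matching on both ends looks identical when truncated.
    """
    c = normalize(candidate)[2:]
    for t in trusted:
        t_hex = normalize(t)[2:]
        same_ends = c[:prefix] == t_hex[:prefix] and c[-suffix:] == t_hex[-suffix:]
        if c != t_hex and same_ends:
            return "0x" + t_hex
    return None

def find_poisoning(incoming, trusted, dust_wei=10**13):
    """Report dust-sized transfers whose sender imitates a trusted address."""
    findings = []
    for sender, value in incoming:
        target = lookalike_of(sender, trusted)
        if target is not None and value <= dust_wei:
            findings.append(
                {"sender": normalize(sender), "imitates": target, "value": value}
            )
    return findings

if __name__ == "__main__":
    for f in find_poisoning(INCOMING, TRUSTED):
        print(f"suspected poisoning: {f['sender']} imitates {f['imitates']}")
```

Comparing the full 40 hex digits before sending, rather than the truncated form, is what defeats the look-alike.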

Last month, US prosecutors charged a 23-year-old Brooklyn resident, Ronald Spektor, with stealing roughly $16 million in cryptocurrency from around 100 Coinbase users through an alleged phishing and social engineering scheme.

The post Attacker Drains Hundreds of EVM Wallets in “Wide-Net” Crypto Exploit appeared first on Cryptonews.
