An attacker has drained “hundreds” of crypto wallets on Ethereum Virtual Machine (EVM) chains, siphoning small sums from each victim in what onchain investigator ZachXBT described as a broad but low-value exploit.
The losses appear limited on a per-wallet basis, with each victim losing less than $2,000, according to ZachXBT. The activity has affected wallets on several EVM-compatible networks, indicating a widespread incident rather than isolated to a single blockchain.
Source: ZachXBTA fraudulent email disguised as legitimate communication from Web3 wallet MetaMask could have been the vehicle for the attack, said cybersecurity researcher Vladimir S., who cited a clue left by another pseudonymous X user.
“This looks like automated, wide-net exploitation,” cybersecurity provider Hackless said, warning users to revoke smart contract approvals and continue monitoring their wallets.
The spoofed MetaMask email might be the cause of the EVM wallet drain, according to Vladimir S. Source: Vladimir S.The widespread wallet drain attacker is potentially linked to the Trust Wallet hack that occurred on Christmas, Vladimir S. said, citing another pseudonymous X user.
The incident highlights the need for crypto holders to exercise online safety measures to protect their funds and sensitive information from constant and evolving cybersecurity threats.
Related: Losses from crypto hacks down 60% in December: PeckShield
Trust Wallet hack claims $7 million on Christmas
The Trust Wallet was hacked on Dec. 25, causing $7 million in losses. About 2,596 wallets were compromised in the incident, according to Trust Wallet.
The incident likely occurred due to the “Sha1-Hulud” supply chain attack in November, which compromised npm software packages commonly used by crypto projects to build blockchain applications, according to Trust Wallet’s incident report.
Developer “secrets” were leaked from Trust Wallet’s GitHub, which gave the attacker access to the wallet’s browser extension source code.
The hacker then uploaded a malicious version of the extension to the Chrome Web Store, disguised as the legitimate extension.
A timeline of the December 2025 hack of Trust Wallet. Source: Trust Wallet“This kind of ‘hack’ is not natural. The chances of an insider are high,” intergovernmental blockchain adviser Anndy Lian said.
Binance co-founder and former CEO Changpeng “CZ” Zhao agreed that the incident may have been due to an insider with deep knowledge of Trust Wallet’s source code. Binance owns Trust Wallet.
Trust Wallet’s Google Chrome web-based browser extension was targeted in the attack, but the mobile application was unaffected, and Binance agreed to reimburse users for losses.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
Source: https://cointelegraph.com/news/hundreds-evm-wallets-drained-mysterious-attack?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
