CryptoCurrency
Hundreds of EVM Wallets Quietly Drained as Unknown Exploit Steals Over $107K
An unidentified exploit is draining wallets across multiple EVM chains.
A silent attack is unfolding across EVM networks as hundreds of unsuspecting crypto users are losing funds, prominent on-chain investigator ZachXBT revealed.
But investigators are struggling to identify the exploiter behind it.
Mysterious Wallet Drainer
According to ZachXBT’s latest findings, the attack is targeting a large number of wallets for relatively small amounts. Losses have been mostly below $2,000 per victim. While the individual thefts are limited in size, the cumulative losses are steadily increasing. As of the most recent update shared by the investigator, approximately $107,000 has been drained, and the total is expected to rise as the activity continues. The attack remains active at the time of reporting.
ZachXBT said that the root cause of the wallet drains has not yet been identified, which makes it unclear how the attacker is gaining access to victims’ funds. No definitive exploit vector has been confirmed so far. While the identity of the attacker is also unknown, ZachXBT has flagged a wallet address believed to be linked to the activity: 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB.
Trust Wallet Hack
Wallet drains continue to plague crypto users. Just a week earlier, Trust Wallet disclosed a major security incident involving its browser extension. On December 24, a malicious version of the Trust Wallet Browser Extension, version 2.68, was published to the Chrome Web Store outside the company’s normal release and review process.
The compromised version contained malicious code that allowed attackers to access sensitive wallet data and carry out unauthorized transactions. Trust Wallet said the issue only affected users who opened and logged into version 2.68 between December 24 and December 26, and did not impact mobile app users or other extension versions.
The company identified 2,520 affected wallet addresses from which approximately $8.5 million in assets were drained and linked to 17 attacker-controlled addresses. Trust Wallet also noted that the same attacker addresses were used to drain wallets not connected to the incident. The company has since promised reimbursement to affected users.
You may also like:
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
