An unknown attacker drained funds from hundreds of cryptocurrency wallets on Ethereum Virtual Machine (EVM)-compatible networks in a broad, low-value operation that security experts say appears automated and phishing-driven. Blockchain sleuth ZachXBT reported that the compromised wallets span multiple EVM chains, with each address typically losing less than $2,000. Security firm Hackless said the pattern strongly suggests an automated exploit and urged users to revoke unnecessary smart contract approvals, monitor wallet activity closely, and treat unexpected prompts to sign transactions with extreme caution.

Initial indicators point to phishing as the entry point, with researchers noting spoofed emails impersonating MetaMask crafted to resemble official communications and potentially trick users into approving malicious transactions or installing rogue browser extensions. The wave of wallet drains may be connected to or echo a recent high-profile breach involving Trust Wallet, which disclosed a $7 million hack on Christmas Day affecting roughly 2,596 wallets in a supply-chain attack dubbed “Sha1‑Hulud” targeting npm packages widely used by crypto developers. Trust Wallet reported that developer secrets exposed on GitHub enabled an attacker to alter the project’s browser extension and publish a malicious version to the Chrome Web Store, with industry commentary suggesting insider access or deep familiarity with the codebase. Binance, which owns Trust Wallet, stressed that the mobile application was not affected and pledged to compensate users who suffered losses in the browser extension incident.

While investigators have not established a direct technical link between the Trust Wallet breach and the latest EVM wallet drains, the overlap in methods—malicious extensions, phishing lures, and abuse of transaction approvals—highlights persistent vulnerabilities for users on EVM chains. The broader crypto-security landscape has cooled, with PeckShield reporting that total funds stolen via hacks and exploits fell by about 60% in December to roughly $76 million, though December still saw 26 major incidents. One of the largest December exploits involved an address-poisoning scam that drained $50 million from a single victim. Separately, US prosecutors charged a 23-year-old Brooklyn resident with stealing around $16 million from approximately 100 Coinbase customers through phishing and social engineering.
