A low-profile exploit has drained more than $107,000 from hundreds of crypto wallets across several EVM-compatible chains, raising fresh alarms about self-custody security.
Quick Summary – TLDR:
- Over $107,000 stolen from hundreds of wallets across multiple EVM networks.
- Losses per wallet are typically under $2,000, helping the attacker stay under the radar.
- No confirmed exploit vector or responsible party has been identified.
- Ongoing investigation highlights broader risks in cross-chain wallet activity.
What Happened?
A new on-chain alert from blockchain investigator ZachXBT has revealed a quiet but active wallet-draining operation affecting users across Ethereum Virtual Machine (EVM) compatible networks. Instead of going after large balances, the attacker is draining small amounts from many wallets, which has allowed the exploit to avoid detection until recently.
So far, more than $107,000 has been siphoned, and the exploit is still ongoing.
🚨BREAKING: According to ZachXBT, hundreds of wallets across EVM chains are being drained in amounts under $2K each. Over $107K has already been stolen, and the cause remains unknown.
— Pushpendra Singh Digital (@PushpendraTech) January 2, 2026
Stay alert. pic.twitter.com/nqOv01lGdj
A Pattern of Silent Theft
This attack is notable not for its size per victim, but for how widespread and stealthy it is. Most affected wallets have lost less than $2,000 each, according to ZachXBT. The method relies on staying beneath the radar of monitoring tools and user attention.
- The activity spans multiple EVM chains, showing it’s not limited to a single ecosystem.
- Investigators observed consistent transaction timing and withdrawal amounts, pointing to a coordinated campaign rather than isolated incidents.
- Funds are being routed into interconnected addresses, suggesting a single actor or closely tied group.
No clear vulnerability has been identified yet. Investigators have ruled out any known smart contract flaws, phishing campaigns, or wallet provider issues as the direct cause. This lack of clarity makes mitigation difficult for both users and developers.
Linked but Unconfirmed Addresses
While the attacker’s identity is unknown, ZachXBT has flagged a suspicious wallet address believed to be involved in the exploit: 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB.
The wallet activity tied to this address shows patterns consistent with the wider draining campaign, but without a definitive exploit path, it remains unclear how the attacker is gaining access to so many wallets.
Not an Isolated Case
This event is part of a broader pattern of persistent crypto security challenges. According to data from security firm PeckShield, December 2025 saw 26 major crypto exploits, totaling about $76 million in losses. Although that figure is down from $194 million in November, it underscores the ongoing threat of exploitation in the space.
One recent high-profile case involved Trust Wallet, which suffered a browser extension breach during the Christmas period. A malicious version 2.68 of its extension was published to the Chrome Web Store, bypassing Trust Wallet’s official release protocols. Roughly $8.5 million was stolen from over 2,500 wallets. Trust Wallet has since begun compensating affected users and reinforcing its verification processes.
Ongoing Investigation and Limited User Defenses
ZachXBT confirmed that the wallet draining campaign is still active, and there is no concrete explanation yet for how the wallets are being compromised. Without a specific exploit identified, users are left with few defenses beyond monitoring for suspicious activity and improving personal security practices.
The attack strategy exposes a key risk: even if each incident is small, collectively they form a significant threat to the ecosystem.
SQ Magazine Takeaway
I find this attack deeply unsettling, not just because of the amount stolen, but because of how silently it happened. This kind of low-key exploit shows that you don’t need to be a high-value target to be vulnerable. It reminds us that self-custody comes with serious responsibilities, especially in an environment where threats evolve fast. If you use EVM-compatible wallets, now’s the time to audit your approvals, tighten your security, and stay alert.
