Hack Warning: Mysterious Wallet-Draining Attack Spreads Across EVM Chains
A silent and unfamiliar attack pattern is moving through Ethereum-compatible blockchains, alarming researchers who say it does not resemble standard phishing scams or smart contract exploits.
Instead of one clear breach, wallets are being drained in small amounts across multiple networks, often without victims realizing what went wrong until funds are already gone.
- An unusual wallet-draining attack is spreading across multiple EVM chains, with no clear phishing link or smart contract exploit identified so far.
- Stolen funds are being deliberately scattered across Ethereum, BNB Chain, and several layer-2 networks, complicating tracing efforts.
- The incident adds to a surge in crypto hacks in December, reinforcing concerns about wallet infrastructure and browser-based security risks.
The activity was first highlighted by on-chain investigator ZachXBT, who identified clusters of unexplained wallet losses. While most individual cases involve relatively small sums, typically under $2,000, the combined losses have already climbed above $107,000 and may grow as more affected wallets are uncovered.
No clear exploit leaves users and analysts guessing
What makes this incident particularly troubling is the absence of a confirmed entry point. Analysts have not linked the drainings to malicious contract approvals, compromised smart contracts, or widespread phishing links. This has shifted suspicion toward deeper infrastructure issues, possibly involving wallet software or browser-based components rather than direct user mistakes.
The lack of clarity has made defensive measures harder, as users do not yet know which specific actions may expose them to risk.
Stolen funds scattered across multiple blockchains
On-chain tracking shows that the attacker is deliberately fragmenting the stolen assets. The largest share remains on Ethereum, with a significant portion bridged to BNB Chain. Smaller balances have appeared across Base, Arbitrum, Polygon, Optimism, as well as Avalanche, Linea, and Zora.
This dispersion suggests an effort to slow down forensic analysis rather than immediately cash out the funds.
Possible overlap with earlier Trust Wallet incident
Researchers have also pointed to a potential connection with a previous browser extension issue involving Trust Wallet. During the holiday period, a compromised update briefly exposed users after injected code entered a specific extension version, an incident later linked to losses estimated around $7 million.
Trust Wallet CEO Eowyn Chen confirmed that the affected extension was removed from the Chrome Web Store and replaced with a version offering improved ownership verification and refund tools. While a direct link to the current wallet drainings has not been confirmed, at least one overlapping address has raised fresh questions.
December adds to an already grim security picture
The timing of this incident adds to a bleak month for crypto security. According to PeckShield, December alone saw roughly 26 major exploits, with total losses nearing $76 million.
Beyond this latest case, address poisoning scams drained about $50 million, while a leaked private key tied to a multi-signature wallet resulted in more than $27 million disappearing almost instantly. Over the full year, crypto-related theft is estimated at around $2.7 billion, with the massive Bybit breach standing out as the single largest incident.
A significant portion of these attacks has been linked to state-backed groups, with actors connected to North Korea frequently cited as the most active and damaging.
As investigators continue to piece together the mechanics of this EVM-wide wallet draining, the lack of a confirmed exploit remains the biggest concern. Until more is known, security experts are urging heightened caution, especially around wallet extensions, transaction approvals, and cross-chain interactions.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Alexander Zdravkov is a person who always looks for the logic behind things. He has more than 3 years of experience in the crypto space, where he skillfully identifies new trends in the world of digital currencies. Whether providing in-depth analysis or daily reports on all topics, his deep understanding and enthusiasm for what he does make him a valuable member of the team.
