A current cross-chain attack is siphoning funds from numerous crypto wallets across various EVM-compatible blockchains, with losses surpassing $107,000 and continuing to rise as the assault persists.
Blockchain analyst ZachXBT highlighted the situation early on Friday, cautioning that victims are losing relatively modest sums per wallet (generally less than $2,000), while the underlying cause is still unknown.
This orchestrated attack follows a disastrous December for crypto security, which saw $76 million pilfered across 26 significant exploits, including a $50 million address poisoning scam and the Trust Wallet breach on Christmas Day that drained approximately $7 million from users.
Source: Telegram
Emerging Attack Patterns Across Various Blockchains
ZachXBT has pinpointed a suspicious address (0xAc2***9bFB) that may be associated with the ongoing thefts aimed at EVM chains.
The investigator is assembling verified addresses of the theft victims as more individuals come forward and is asking affected users to reach out to him directly via X (formerly Twitter).
The distributed attack resembles tactics observed in recent high-profile cases, where attackers focus on multiple smaller wallets instead of a single large one.
This strategy often avoids immediate detection while maximizing the total funds extracted from compromised accounts.
Security experts remark that the cross-chain nature indicates a sophisticated infrastructure, with threat actors operating concurrently across various blockchain networks to drain assets before victims can react.
In addition to EVM chains, the attack methodology mirrors patterns seen in address-poisoning schemes and private-key breaches that have troubled the industry in recent months.
HACKERS ARE QUIETLY DRAINING FUNDS FROM EVERYDAY WALLETS ACROSS EVM CHAINS
Researcher ZachXBT alerts that hundreds of wallets are being depleted across several EVM networks.
Most victims lose minimal amounts (under $2K), but the overall theft has already reached $107K.
The exact… pic.twitter.com/Jl6DcI0JqE— Zia ul Haque (@ImZiaulHaque) January 2, 2026
Experts stress that the synchronized timing and multi-chain execution suggest well-resourced attackers capable of sustaining persistent infrastructure across different blockchain environments.
Trust Wallet Breach Exposes Wider Vulnerability Crisis
The warning comes just days after Trust Wallet users encountered new complications when the company’s Chrome extension was temporarily removed from the Chrome Web Store, delaying an essential claims verification tool for victims of the Christmas Day breach.
Trust Wallet CEO Eowyn Chen confirmed that Google recognized a technical issue that arose during the release of the new version.
“We understand how alarming this is, and our team is actively addressing the problem,” Trust Wallet stated after identifying 2,520 drained wallet addresses linked to approximately $8.5 million in stolen assets across 17 wallets controlled by attackers.
The December 25 breach originated from a malicious version 2.68 of Trust Wallet’s browser extension, which appeared legitimate, passed Chrome’s review process, but contained hidden code that extracted recovery phrases.
Users who installed the compromised extension and logged in between December 24 and 26 experienced immediate fund outflows across multiple blockchains, including Ethereum, Bitcoin, and Solana.
@TrustWallet users impacted by the Chrome extension hack are still awaiting the claims tool after the extension was pulled due to a Chrome Web Store bug #TrustWallet #CryptoSecurity #Chrome https://t.co/O6atPd0DVa
— Cryptonews.com (@cryptonews) January 1, 2026
Trust Wallet traced the incident to a larger supply-chain attack known as Sha1-Hulud, which emerged in November and compromised multiple companies through exposed GitHub secrets and a leaked Chrome Web Store API key.
The attack bypassed internal approval checks, permitting direct uploads of malicious code that appeared authentic to both automated security systems and manual reviewers.
Industry Confronts Human-Layer Security Crisis
Mitchell Amador, CEO of Immunefi, cautions that the crypto sector faces a fundamental security reckoning as attack vectors increasingly focus on operational vulnerabilities rather than smart contract code.
“The threat landscape is shifting from on-chain code vulnerabilities to operational security and treasury-level attacks,” he told Cryptonews. “As code becomes more robust, attackers are targeting the human element.”
Despite December’s 60% month-over-month reduction in hack losses to $76 million, down from $194.2 million in November, security experts stress that persistent threats remain.
“Crypto is facing a security reckoning,” Amador stated. “Most hacks this year haven’t resulted from poor audits; they’ve occurred after launch, during protocol upgrades, or through integration vulnerabilities.”
Blockchain security firm PeckShield documented 26 significant exploits in December, with address-poisoning scams and private-key leaks causing considerable losses.
Crypto trader loses $50 million to address poisoning scam as the industry grapples with nearly $90 billion in cumulative security losses. #Crypto #Scam https://t.co/ZXn2iF8wdi
— Cryptonews.com (@cryptonews) December 20, 2025
Crypto trader loses $50 million to address poisoning scam as the industry grapples with nearly $90 billion in cumulative security losses. #Crypto #Scam https://t.co/ZXn2iF8wdiOne victim lost $50 million after inadvertently copying a fraudulent address that visually resembled their intended destination.
Another significant incident involved a private key leak associated with a multi-signature wallet, leading to losses of about $27.3 million.
The industry’s vulnerability extends beyond technical exploits to social engineering schemes, with Brooklyn resident Ronald Spektor facing charges for allegedly stealing $16 million from around 100 Coinbase users by impersonating company employees.
The post Hundreds of Wallets Drained in Ongoing Cross-Chain Attack, ZachXBT Warns appeared first on Cryptonews.
Comments are closed.