Introduction
A stealthy wallet-draining attack is targeting EVM networks, siphoning over $107,000 from hundreds of users while evading identification. The incident follows a recent $8.5 million Trust Wallet browser extension hack, highlighting persistent vulnerabilities in crypto security.
Key Points
- Attack targets EVM wallets for small sums individually but cumulatively exceeds $107,000 in losses.
- Trust Wallet recently suffered an $8.5 million hack via a malicious browser extension update.
- Investigators have flagged a wallet address linked to the drainer but haven’t identified the exploit method.
The Silent EVM Network Attack
Prominent on-chain investigator ZachXBT has revealed an ongoing, unidentified attack draining hundreds of wallets across Ethereum Virtual Machine (EVM) networks. According to his findings, the attacker is targeting a large number of wallets for relatively small individual amounts, with most losses remaining below $2,000 per victim. While each theft appears limited, the cumulative financial impact is steadily mounting.
As of the most recent update from ZachXBT, approximately $107,000 has been drained from unsuspecting crypto users, with the total expected to rise as the activity continues. The attack remains active, and investigators are struggling to identify both the exploiter behind it and the method being used. No definitive exploit vector has been confirmed, leaving the root cause of the wallet drains unclear and complicating defensive measures.
Despite the mystery surrounding the attack’s mechanics, ZachXBT has flagged a specific wallet address believed to be linked to the draining activity: 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB. This address represents one of the few tangible leads in an investigation characterized by its lack of clarity, underscoring the sophisticated and elusive nature of modern on-chain attacks targeting EVM networks.
The Trust Wallet Browser Extension Hack
This latest incident follows closely on the heels of a major security breach disclosed by Trust Wallet. Just a week before ZachXBT’s revelations, Trust Wallet reported a significant security incident involving its browser extension. On December 24, a malicious version of the Trust Wallet Browser Extension, version 2.68, was published to the Chrome Web Store outside the company’s normal release and review process.
The compromised extension contained malicious code that enabled attackers to access sensitive wallet data and execute unauthorized transactions. Trust Wallet clarified that the issue only affected users who opened and logged into version 2.68 between December 24 and December 26, and did not impact mobile app users or other extension versions. The company’s investigation identified 2,520 affected wallet addresses, from which approximately $8.5 million in assets were drained, with the drained funds linked to 17 attacker-controlled addresses.
Notably, Trust Wallet also found that the same attacker addresses were used to drain wallets not directly connected to this specific incident, suggesting broader malicious activity. In response to the hack, which highlights critical vulnerabilities in crypto security infrastructure, the company has promised reimbursement to affected users, a move that may set a precedent for accountability in the sector.
A Pattern of Sophisticated Crypto Thefts
Together, these incidents paint a concerning picture of evolving threats within the cryptocurrency ecosystem. The ongoing EVM network drainer, characterized by its stealth and unidentified method, operates differently from the more overt Trust Wallet exploit but shares the same end goal: the unauthorized extraction of user funds. Both attacks demonstrate a high degree of sophistication, whether in evading detection or in compromising official distribution channels like the Chrome Web Store.
The challenges faced by investigators like ZachXBT in tracing these perpetrators underscore the inherent difficulties in achieving transparency and security in decentralized environments. While the EVM attack accumulates smaller sums from many victims, and the Trust Wallet hack extracted larger amounts from a defined group, both result in significant financial losses and erode user confidence. These events serve as stark reminders that wallet security remains a critical, and often vulnerable, frontier in the broader adoption of digital assets.
