Tuesday, January 21, 2025

EVM Users Targeted in Cross-Chain Wallet Breach Amid Rising Approval Exploits

Hundreds of EVM wallets were drained in a coordinated attack as phishing, approval misuse, and links to the Trust Wallet breach spark major security warnings.

Areeba Rashid

Areeba Rashid is a dedicated crypto news writer with a passion for making complex topics accessible to everyone. She covers the latest developments in the crypto world, including in-depth price analysis, helping readers stay informed and make sense of market trends.
  • Automated EVM wallet drains hit hundreds of users through small, repeated thefts.
  • Phishing emails mimicking MetaMask likely enabled approvals for malicious transfers.
  • Attack echoes Trust Wallet’s $7M breach, showing rising risks across EVM ecosystems.

An attacker has drained funds from hundreds of crypto wallets across Ethereum Virtual Machine (EVM)–compatible networks. The sums taken from each address were small, usually under $2,000. However, the scale of the incident has raised concerns among investigators. The pattern suggests a coordinated effort that targeted many users at once.

Onchain investigator ZachXBT reported that the affected wallets span several EVM chains. He said the attacker appeared to cast a wide net to capture modest amounts from many addresses. His posts highlighted a consistent drain pattern that repeated across networks.

Cybersecurity firm Hackless issued a warning shortly after the reports surfaced. The company said the attack looked automated. It urged users to revoke unnecessary contract approvals to limit exposure. It also advised wallet owners to monitor their activity closely for unusual movements.

Trust Wallet Breach Draws Parallels as Phishing Risks Intensify

Analyst Vladimir S. urged users to review recent emails that looked like MetaMask notifications. He shared screenshots that showed a spoofed message designed to mimic official branding. The email attempted to trick users into granting approvals or signing harmful transactions.

Screenshots posted online showed branding that closely matched the legitimate MetaMask layout. Investigators said the imitation was detailed enough to pass casual inspection. Such tactics are common in phishing campaigns targeting wallet owners.

The timing of the EVM drain has drawn comparisons to a separate breach at Trust Wallet. That incident resulted in a $7 million loss on Christmas Day. It affected 2,596 wallets across several networks. Trust Wallet confirmed that a supply-chain attack known as “Sha1-Hulud” had compromised npm packages used by developers.

Trust Wallet said leaked developer secrets from GitHub allowed an attacker to modify its browser extension. A malicious version of the extension was then uploaded to the Chrome Web Store. The company clarified that its mobile application was not affected. It also stated that users impacted by the browser attack would be reimbursed.

EVM Breach Shows Unusual Traits, Experts Raise Concerns

The Trust Wallet breach had some unusual features, which industry figures remarked on. Some indicated that the attacker was familiar with the extension. Binance, the owner of Trust Wallet, reiterated that the mobile application was safe.

Trust Wallet officials have not confirmed a connection between the Trust Wallet hack and the EVM wallet drains. Investigators also observed similarities such as phishing, extension tampering, and approval misuse. These patterns are common in attacks involving EVM-compatible wallets.

In December, crypto hacking losses decreased significantly. PeckShield recorded losses of approximately $76 million for the month, down from $194.2 million in November. A total of 26 large crypto incidents were recorded in December.

The biggest single loss was a $50 million address poisoning scam. The fraudster tricked a victim into sending money to a look-alike wallet address. U.S. prosecutors also accused a Brooklyn resident of stealing from 100 Coinbase users by convincing them to deposit their money, which resulted in a theft of $16 million. The offenses included phishing and social engineering.
