Hundreds of crypto wallets have been drained across multiple EVM-compatible chains, and the attack is still ongoing, according to on-chain investigator ZachXBT. He reported the losses in his Telegram channel, confirming a total of $107,000 stolen so far, though this figure is expected to rise.
The attacker continues to drain wallets across Ethereum-compatible chains, focusing on low-value accounts with funds under $2,000 each. ZachXBT shared that although individual losses are small, the cumulative impact grows as more wallets are compromised.
The investigator flagged the suspicious address 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB as linked to the thefts. No details have emerged about how the attacker gains access to the wallets, leaving the vulnerability unresolved.
The method of compromise remains unknown, raising concerns about continued exploitation across affected chains. The attacker remains unidentified, and victims keep reporting unauthorized withdrawals from their wallets.
During the December holiday period, Trust Wallet confirmed a separate breach tied to its browser extension version 2.68. In a post-mortem, the company revealed that exposed GitHub secrets allowed the attacker to bypass standard release procedures.
The attacker registered “metrics-trustwallet[.]com” and deployed a trojanized extension version with backdoor capabilities. This malware harvested wallet mnemonic phrases and transmitted them to a malicious server, “api.metrics-trustwallet[.]com”.
Around one million users were prompted to update to version 2.69 after the compromised version appeared on the Chrome Store. Trust Wallet CEO Eowyn Chen explained that a platform issue during the update caused the extension to become temporarily unavailable.
The new update added a verification feature to help reimbursement claimants prove wallet ownership. Trust Wallet confirmed around $7 million in losses from the attack and began compensating affected users shortly after.
Blockchain security firm PeckShield reported 26 crypto-related exploits in December, resulting in about $76 million in stolen funds. While that total is lower than November’s $194.27 million, attacks continue to occur across various platforms.
Researchers said a new malware version called Shai-Hulud 3.0 featured improvements in obfuscation and compatibility. This version aimed to prolong campaign activity without introducing new techniques, according to Upwind’s Guy Gilad and Moshe Hassan.
Nansen believes attackers are routing stolen assets through Tornado Cash, Railgun, THORChain, and TRON OTC venues. These services may obscure the asset flow, complicating traceability efforts for investigators and victims.
The FBI warned Americans about rising phishing and non-delivery scams during the holidays, linked to $785 million in annual losses. Credit card fraud added another $199 million, increasing concerns around seasonal cybercrime targeting personal and financial data.
Chainalysis and TRM Labs estimated crypto thefts reached $2.7 billion last year, the highest yearly total recorded. The largest attack targeted Dubai-based exchange Bybit, with about $1.4 billion stolen in a single breach.
North Korean state-linked groups reportedly stole over $2 billion in crypto during the year.
Since 2017, these actors have accumulated around $6 billion, funding programs despite international sanctions.
The post Crypto Wallets Compromised Across Chains, ZachXBT Tracks Attacker appeared first on CoinCentral.


