Meet the Top 101 in Crypto
News
5 min read

Hundreds of Wallets Drained on EVM Chains With No Root Cause, ZachXBT Warns — $107K Lost So Far and Counting

Published 02 January 2026
Kurt Robson
Authors
Edited by Insha Zia
Key Takeaways
  • Recent widespread wallet drains on EVM chains have no clear cause.
  • The latest attack follows a separate Christmas-period wallet security incident involving a browser extension.
  • Long-term fixes remain in development and in discourse.

Hundreds of crypto wallets across multiple Ethereum Virtual Machine (EVM)-compatible chains are being drained in a coordinated attack with no confirmed root cause, according to blockchain investigator ZachXBT.

The wave of attacks has raised renewed concerns over security risks across the Ethereum ecosystem, even as developers continue to explore ways to strengthen the network’s long-term resilience.

Try Our Recommended Crypto Exchanges
Sponsored
Disclosure
Opened in 2018
Promotions
Deposit $100, Get an Extra $300 in GOLD!
Coins
Shiba Inu Bitcoin PAX Gold Ampleforth Ethereum +70
Promotions
Receive up to $100,000 worth of exclusive gifts for newcomers upon registration.
Coins
Bitcoin Ethereum Tether USD Coin Solana +76
Opened in 2017
Promotions
Experience a 1-minute swap on a non-custodial platform.
Coins
Bitcoin Ethereum Tether Build'N'Build USD Coin +217
Show More

Unknown Hack on EVM Chains

The incident has so far resulted in losses of about $107,000, with the total still increasing, ZachXBT said on Thursday.

Each affected wallet has lost relatively small amounts — typically less than $2,000 — suggesting a broad but low-value attack that may have been designed to avoid early detection.

“It appears hundreds of wallets are currently being drained on various EVM chains for small amounts per victim, with a root cause not yet identified,” ZachXBT said.

He flagged a suspicious address — 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB — as potentially linked to the activity.

No protocol has publicly acknowledged responsibility for the losses, and affected users span multiple blockchains that share Ethereum’s EVM architecture.

Holiday Hacks

The latest EVM chain wallet drains follow a separate security incident reported over the Christmas holiday, when a growing number of users flagged unauthorized withdrawals from self-custody wallets across multiple blockchains.

The issue was first publicly raised on Christmas Day by ZachXBT, who said he had received multiple independent reports from affected users and issued a community alert.

Within hours, the warning spread across Telegram and X, prompting concern among wallet users and security researchers.

“A number of Trust Wallet users have reported that funds were drained from wallet addresses within the past couple of hours,” ZachXBT wrote on Telegram.

He added that while the root cause had not yet been determined, the reports closely followed a recent update to the Trust Wallet Chrome browser extension.

ZachXBT cautioned that timing alone did not establish causation.

At the time, no immediate official security advisory had been issued.

Trust Wallet later released a statement confirming a security incident affecting Trust Wallet Browser Extension version 2.68.

“We understand how concerning this is and our team is actively working on the issue,” the company said.

Balancer Exploit

In November, decentralized exchange protocol Balancer suffered one of the largest DeFi exploits of the year, losing nearly $117 million after attackers drained multiple liquidity pools in rapid succession.

On-chain data showed the stolen tokens were quickly consolidated into a newly created wallet controlled by the attacker.

The Balancer hack’s stolen assets. Source: Lookonchain

Balancer later confirmed the breach stemmed from a faulty access control check in its V2 smart contracts.

The flaw allowed an attacker to bypass permission checks by supplying a malicious op.sender parameter, enabling unauthorized withdrawals from internal balances.

The exploit primarily affected older Balancer V2 pools, including those holding staked ether derivatives, and may have exposed more than $60 million in downstream protocols that relied on the same code.

Researchers Long-term Security

The latest incidents highlight ongoing security risks across the EVM ecosystem, even as Ethereum researchers outline long-term plans to harden execution.

In August, Ethereum Foundation researcher Justin Drake detailed an initiative known as “Lean Ethereum,” a proposal aimed at making the network faster and more secure.

“Ethereum is unique,” Drake wrote in a series of blog posts, citing the network’s uninterrupted uptime since launch and the scale of economic security secured by staked ether.

“Lean Ethereum is more than a blueprint for hardening and scaling Ethereum,” he wrote.

“More than just doubling down on security, decentralization, and cutting-edge cryptography. It is an aesthetic,” Drake writes.

Drake has argued that while quantum computers cannot yet break blockchain cryptography, advances over the coming decade could pose risks if networks fail to prepare.

His proposal includes new cryptographic techniques designed to make Ethereum quantum-resistant while also improving scalability.

Under the proposal, Ethereum’s main execution layer could eventually handle around 10,000 transactions per second.

Drake has suggested that real-time zero-knowledge virtual machines and advanced data availability techniques could play a central role.

Kurt Robson

Kurt Robson is a London-based reporter at CCN, specialising in the fast-moving worlds of crypto and emerging technology. He began his career covering local news in Cornwall after graduating from Falmouth University with First Class Honours in Journalism. There, he cut his teeth on everything from council meetings to missing swans.

He quickly rose through the ranks to become a frontline journalist at several of the UK’s leading national newspapers. Over the years, he has interviewed musicians and celebrities, reported from courtrooms and crime scenes, and secured multiple front-page exclusives.

Following the upheaval of the COVID-19 pandemic, Kurt shifted his focus to technology journalism—just ahead of the AI boom. With a natural curiosity and a trained eye for emerging trends, he has found a new rhythm in reporting on innovation.

At CCN, Kurt's work focuses on the cutting edge of crypto, blockchain, AI, and the evolving digital world. Drawing on his background in people-first reporting and his deep interest in disruptive tech, Kurt delivers stories that are insightful, entertaining, and human-centric.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status