Hundreds of crypto wallets across multiple Ethereum Virtual Machine (EVM)-compatible chains are being drained in a coordinated attack with no confirmed root cause, according to blockchain investigator ZachXBT.
The wave of attacks has raised renewed concerns over security risks across the Ethereum ecosystem, even as developers continue to explore ways to strengthen the network’s long-term resilience.
+70
Shiba Inu
Bitcoin
PAX Gold
Ampleforth
Ethereum
Cardano
EOS
Solana
Avalanche
Dogecoin
Ripple
TRON
Bitcoin Cash
Ocean Protocol
Litecoin
Reserve Rights
Ontology
Bitcoin SV
Ethereum Classic
Kusama
Dash
Neo
Chainlink
Qtum
Polkadot
VeChain
Stellar
Tezos
Zcash
Zilliqa
Status
JUST
Cosmos
Ravencoin
Trust Wallet Token
ARPA Chain
Nervos Network
Storj
Beam
NKN
Algorand
Celer Network
THORChain
Fantom
Optimism
Aptos
APEcoin
Wrapped Bitcoin
Compound
Monero
Basic Attention Token
Arweave
Aergo
Decentraland
SushiSwap
Conflux Network
NEAR Protocol
Polkastarter
Ankr
Maker
Artificial Superintelligence Alliance
Mask Network
Cronos
Internet Computer
Badger DAO
USD Coin
BakeryToken
Alpaca Finance
Aave
Treasure
BitTorrent
FLUX
Bancor
IoTex
Build'N'Build
+76
Bitcoin
Ethereum
Tether
USD Coin
Solana
Ripple
Dogecoin
Cardano
Toncoin
Shiba Inu
Avalanche
TRON
Chainlink
Polygon Matic
Polkadot
Wrapped Bitcoin
Litecoin
Dai
NEAR Protocol
Bitcoin Cash
Stellar
Cosmos
Filecoin
Ethereum Classic
Aptos
Hedera Hashgraph
Immutable
Optimism
Arbitrum
VeChain
The Sandbox
Decentraland
Axie Infinity
Injective Protocol
Render
The Graph
Aave
Chiliz
Helium
PAX Gold
Compound
Lido DAO Token
Sui
Conflux Network
Lido Staked ETH
OKB
Uniswap
Pepe
Ondo
Mantle
First Digital USD
XDC Network
Artificial Superintelligence Alliance
Jupiter
Quant
Worldcoin
Bonk
Tether Gold
JITO
JasmyCoin
Core
Floki Inu
Ethereum Name Service
SushiSwap
1inch Network
Tezos
Algorand
Flow
Trust Wallet Token
Curve DAO Token
MultiversX
Basic Attention Token
Enjin Coin
Ethena
Ethena Staked USDe
Build'N'Build
Kava.io
Celestia
Sei
IOTA
Frax
+217
Bitcoin
Ethereum
Tether
Build'N'Build
USD Coin
Solana
Ripple
Dogecoin
Cardano
Toncoin
Shiba Inu
Avalanche
TRON
Chainlink
Polkadot
Polygon Matic
Wrapped Bitcoin
Litecoin
Dai
NEAR Protocol
Bitcoin Cash
Monero
Stellar
Cosmos
Filecoin
Ethereum Classic
Aptos
Hedera Hashgraph
Immutable
Optimism
Arbitrum
VeChain
The Sandbox
Decentraland
Axie Infinity
Injective Protocol
Render Token
The Graph
Maker
Aave
Chiliz
Helium
PAX Gold
Compound
Lido DAO Token
THORChain
Stacks
Arweave
Sui
Conflux Network
Lido Staked ETH
Bitget Token
Wrapped Ethereum
OKB
Uniswap
Pepe
Ondo
Mantle
First Digital USD
Bittensor
Kaspa
Celestia
XDC Network
Artificial Superintelligence Alliance
Jupiter
Quant
Worldcoin
PayPal USD
Bonk
Flare
Tether Gold
Sei
JITO
JasmyCoin
PancakeSwap
Core
Floki Inu
Ethereum Name Service
SushiSwap
Kava.io
1inch Network
Tezos
Algorand
Flow
Trust Wallet Token
Curve DAO Token
KuCoin Token
MultiversX
Gitcoin
Zcash
IOTA
Basic Attention Token
Frax
Ethena
Ethena USDe
Fasttoken
Pi Network
SATS
Adventure Gold
Audius
Alchemy Pay
Arkham
API3
Bounce Token
Altlayer
Aergo
Amp
Aevo
ARPA Chain
Astar
Ark
Ankr
AirSwap
Alpaca Finance
Blur
Badger DAO
Bancor
BakeryToken
Biconomy
Chromia
Celer Network
Celo
Shentu
Civic
Convex Finance
Cartesi
Cyber
COTI
DigiByte
DIA
ether.fi
FUNToken
FLUX
Firo
Ampleforth
Golem
GMX
Gnosis
Moonbeam
Holo
IoTex
ICON
Illuvium
JUST
Kadena
Liquity
Livepeer
Lisk
Memecoin
Manta Network
Treasure
Mask Network
MetisDAO
Origin Protocol
ORDI
Ontology
Osmosis
Powerledger
Phala Network
Pendle
Portal
Pyth Network
ConstitutionDAO
Polkastarter
Qtum
iExec RLC
Rocket Pool
Reserve Rights
Ronin
Ravencoin
Starknet
Storj
Status
Spell Token
Sun (New)
SuperVerse
Toko Token
Theta Fuel
Tellor
Tensor
LayerZero
Usual
Eigenlayer
Hamster Kombat
Catizen
Berachain
KAITO
Pudgy Penguins
Solayer
Bio Protocol
ChainGPT
Cookie DAO
Solv Protocol
Alchemix
Bitcoin SV
Movement
DeXe
Binance Staked SOL
Nexo
Wrapped eETH
Hyperliquid
Casper
Zilliqa
Secret
Nervos Network
TrueUSD
BitTorrent
Mina
Dash
STEPN
Gemini Dollar
UNUS SED LEO
Synthetix
APEcoin
Gala
Theta Network
Fantom
Cronos
Internet Computer
Binance USD
The incident has so far resulted in losses of about $107,000, with the total still increasing, ZachXBT said on Thursday.
Each affected wallet has lost relatively small amounts — typically less than $2,000 — suggesting a broad but low-value attack that may have been designed to avoid early detection.
“It appears hundreds of wallets are currently being drained on various EVM chains for small amounts per victim, with a root cause not yet identified,” ZachXBT said.
He flagged a suspicious address — 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB — as potentially linked to the activity.
No protocol has publicly acknowledged responsibility for the losses, and affected users span multiple blockchains that share Ethereum’s EVM architecture.
The latest EVM chain wallet drains follow a separate security incident reported over the Christmas holiday, when a growing number of users flagged unauthorized withdrawals from self-custody wallets across multiple blockchains.
The issue was first publicly raised on Christmas Day by ZachXBT, who said he had received multiple independent reports from affected users and issued a community alert.
Within hours, the warning spread across Telegram and X, prompting concern among wallet users and security researchers.
“A number of Trust Wallet users have reported that funds were drained from wallet addresses within the past couple of hours,” ZachXBT wrote on Telegram.
He added that while the root cause had not yet been determined, the reports closely followed a recent update to the Trust Wallet Chrome browser extension.
ZachXBT cautioned that timing alone did not establish causation.
We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Please refer to the official Chrome Webstore link here: https://t.co/V3vMq31TKb
Please note: Mobile-only users…
— Trust Wallet (@TrustWallet) December 25, 2025
At the time, no immediate official security advisory had been issued.
Trust Wallet later released a statement confirming a security incident affecting Trust Wallet Browser Extension version 2.68.
“We understand how concerning this is and our team is actively working on the issue,” the company said.
In November, decentralized exchange protocol Balancer suffered one of the largest DeFi exploits of the year, losing nearly $117 million after attackers drained multiple liquidity pools in rapid succession.
On-chain data showed the stolen tokens were quickly consolidated into a newly created wallet controlled by the attacker.

Balancer later confirmed the breach stemmed from a faulty access control check in its V2 smart contracts.
The flaw allowed an attacker to bypass permission checks by supplying a malicious op.sender parameter, enabling unauthorized withdrawals from internal balances.
The exploit primarily affected older Balancer V2 pools, including those holding staked ether derivatives, and may have exposed more than $60 million in downstream protocols that relied on the same code.
The latest incidents highlight ongoing security risks across the EVM ecosystem, even as Ethereum researchers outline long-term plans to harden execution.
In August, Ethereum Foundation researcher Justin Drake detailed an initiative known as “Lean Ethereum,” a proposal aimed at making the network faster and more secure.
“Ethereum is unique,” Drake wrote in a series of blog posts, citing the network’s uninterrupted uptime since launch and the scale of economic security secured by staked ether.
“Lean Ethereum is more than a blueprint for hardening and scaling Ethereum,” he wrote.
“More than just doubling down on security, decentralization, and cutting-edge cryptography. It is an aesthetic,” Drake writes.
Drake has argued that while quantum computers cannot yet break blockchain cryptography, advances over the coming decade could pose risks if networks fail to prepare.
His proposal includes new cryptographic techniques designed to make Ethereum quantum-resistant while also improving scalability.
Under the proposal, Ethereum’s main execution layer could eventually handle around 10,000 transactions per second.
Drake has suggested that real-time zero-knowledge virtual machines and advanced data availability techniques could play a central role.
Kurt Robson is a London-based reporter at CCN, specialising in the fast-moving worlds of crypto and emerging technology. He began his career covering local news in Cornwall after graduating from Falmouth University with First Class Honours in Journalism. There, he cut his teeth on everything from council meetings to missing swans.
He quickly rose through the ranks to become a frontline journalist at several of the UK’s leading national newspapers. Over the years, he has interviewed musicians and celebrities, reported from courtrooms and crime scenes, and secured multiple front-page exclusives.
Following the upheaval of the COVID-19 pandemic, Kurt shifted his focus to technology journalism—just ahead of the AI boom. With a natural curiosity and a trained eye for emerging trends, he has found a new rhythm in reporting on innovation.
At CCN, Kurt's work focuses on the cutting edge of crypto, blockchain, AI, and the evolving digital world. Drawing on his background in people-first reporting and his deep interest in disruptive tech, Kurt delivers stories that are insightful, entertaining, and human-centric.
You’re All Set!
Thanks for signing up. We’ll be in touch soon with the latest insights.
