Something bad is happening to crypto wallets right now, and it’s spreading fast.
Over the past few days, hundreds of people lost money from their wallets. The total damage? More than $107,000 so far. But here’s the terrifying part: nobody can figure out where the attack is coming from.
The EVM Wallet Breach Nobody Saw Coming
ZachXBT broke the news on his Telegram channel. He’s a blockchain detective who tracks down crypto criminals, and he noticed a pattern. Wallets across Ethereum, BNB Chain, Base, Polygon, and other networks started bleeding funds.
The attacker isn’t going after big fish. Each victim loses less than $2,000. Small enough that many people won’t notice right away. Smart enough that it flies under the radar.
But add those small amounts together? You get six figures in stolen crypto. And the number keeps growing because the attack hasn’t stopped.
Ethereum got hit hardest. About $54,655 was drained from wallets there. BNB Chain lost $25,545. Then you’ve got Base, Arbitrum, and Polygon, each losing thousands. Even smaller chains like Optimism, Zora, and Linea saw money disappear.
ZachXBT pointed to one address that keeps popping up: 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB. That’s where a lot of the stolen funds ended up. Track that address, and you’ll see money flowing in from all directions.
Also Read: Best Crypto Wallets 2026: Secure Storage for Bitcoin & Altcoins
How Does an EVM Wallet Breach Like This Work?
Good question. Security researchers are scratching their heads too.
This looks automated. Someone built a system that targets multiple wallets at once across different blockchains. It moves fast. It’s coordinated. And it hasn’t left obvious tracks.
People on Twitter started sharing theories. Some got emails pretending to be from MetaMask. These fake messages said “urgent security update required” or something like that. Vladimir, who researches cyber threats, noticed these emails showed up around the same time as the drains.
Could be related. Could be a different scam. Right now, investigators can’t confirm the connection.
What makes this EVM wallet breach so frustrating is the mystery. No wallet company has admitted a vulnerability. No specific app or website stands out as the source. The entry point remains unknown.
That means it could still be happening to more people.
Trust Wallet Just Went Through This
Remember the Trust Wallet mess from last week? About $7 million vanished because someone pushed a malicious browser extension update.
Trust Wallet confirmed 2,596 addresses got drained. The hackers stole a Chrome Web Store API key and used it to distribute a poisoned version of the extension. People downloaded what looked like a normal update, and boom, their money disappeared.
The company started paying people back. CEO Eowyn Chen said they got around 5,000 claims. Many were fake. Some people tried to game the system and claim losses they never had.
That incident was different from these current multi-chain drains. But both attacks show the same thing: browser-based crypto tools have serious weak spots.
December Was a Nightmare for Crypto Security
Look at the bigger picture, and things get worse.
PeckShield counted 26 major exploits in December alone. Total damage? About $76 million. That’s actually down from November, when hackers stole $194 million. Progress, I guess? But losing $76 million in a month is still crazy.
Here’s what really bothers security analysts. In 2025, wallet compromises made up roughly 20% of all stolen crypto value. Not exchange hacks. Not smart contract exploits. Individual wallets.
The numbers tell a dark story. Last year saw about 158,000 wallet breaches affecting at least 80,000 different people. Back in 2022? Only 54,000 breaches hit 40,000 victims. The victim count doubled in three years.
Individual losses per person went down. But way more people got targeted. Total losses dropped from $1.5 billion in 2024 to $713 million in 2025. Sounds good until you realize the incident count tripled.
Attackers changed tactics. Instead of going after whales, they’re draining regular users in volume.
Also Read: How Secure Is Bitcoin – Can It Ever Be Hacked?
What Should You Do About This EVM Wallet Breach?
First, check your wallet history right now. Don’t wait. Use Etherscan for Ethereum, BscScan for BNB Chain, or whatever explorer matches your network. Look for weird transfers. Even tiny amounts matter.
Second, stop clicking email links. I don’t care if it says “MetaMask urgent security alert” or “Trust Wallet mandatory update.” Delete it. Go to the official website directly through your browser.
Third, check your token approvals. You know all those times you connected your wallet to a DeFi app? Each one got permission to access your tokens. Old permissions become security holes. Use Revoke.cash to see what’s approved and cancel anything you don’t use anymore.
Fourth, get a hardware wallet if you hold serious money. Ledger, Trezor, whatever. Hardware wallets aren’t perfect, but they add a layer that stops most remote attacks.
Fifth, follow official sources only. Twitter is full of fake accounts. Discord has scam bots everywhere. Stick to verified channels and official websites.
The investigation into this EVM wallet breach continues. Security teams at Chainalysis, PeckShield, and independent researchers are all digging. Until they find answers, you need to stay alert.
Check your wallet. Revoke old permissions. Be paranoid about emails. Because right now, paranoia might save your crypto.
Also Read: Top Crypto Scams Explained: Rug Pulls, Phishing & Ponzi Schemes
How did this EVM wallet breach start?
Nobody knows yet. That’s the scary part. Researchers haven’t found the vulnerability or the entry point. It could be a browser exploit, a compromised extension, or something else entirely.
Which blockchains got hit in this attack?
Ethereum took the biggest loss at around $54K. BNB Chain lost about $25K. Base, Arbitrum, Polygon, Optimism, Zora, Linea, Manta Pacific, zkSync Era, and Ink all reported drains too.
Did the Trust Wallet hack cause this?
Probably not. The Trust Wallet incident involved a malicious Chrome extension. These current drains appear to be something different, though both happened recently and both targeted browser users.
How can I tell if my wallet got drained?
Go to a block explorer like Etherscan or BscScan. Paste your wallet address. Look through recent transactions. If you see transfers you didn’t authorize, especially small amounts under $2K, you might be a victim.
Get the news in a Jist. Follow Cryptojist on X and Telegram for real-time updates!
Disclaimer:
Look, we’re just journalists reporting the news here, not your financial advisors. Everything you read above is for information purposes only. Crypto is wild, unpredictable, and can absolutely wreck your savings if you’re not careful. Never invest money you can’t afford to lose. Seriously, we mean it. Do your own research, talk to actual licensed financial professionals, and remember that past performance means absolutely nothing when it comes to future results. The crypto market can turn on a dime, and what’s hot today might be toast tomorrow. We’re not responsible for your investment decisions, good or bad. Trade smart, stay safe, and don’t bet the farm on anything you read on the internet, including this article.
Bitcoin 
Tether 