Blockchain investigator ZachXBT has recently raised alarms about a persistent exploit targeting numerous cryptocurrency wallets on the Ethereum Virtual Machine (EVM)-compatible networks. The attack, which continues to unfold, reportedly involves the unauthorized transfer of funds from hundreds of affected addresses / wallets, primarily in modest amounts.
According to ZachXBT’s alerts shared on Telegram, the perpetrator focuses on draining relatively small balances, with most individual losses falling below $2,000.
This strategy allows the attacker to impact a broad range of victims while accumulating significant totals.
Recent on-chain tracking indicates that approximately $107,000 has been siphoned so far, though experts warn this amount is expected to rise as the incident progresses.
The method of compromise remains unknown at the time of writing, further complicating efforts to halt the drains. No specific vulnerability or entry vector has been pinpointed, and the attacker’s identity is undisclosed. However, a key recipient address—0xAc2e5153170278e24667a580baEa056ad8Bf9bFB—has been highlighted for monitoring suspicious inflows.
This event now unfolds against a backdrop of heightened overall cryptocurrency vulnerabilities.
Data from blockchain security firm PeckShield reveals that December 2025 recorded about 26 significant exploits, leading to roughly $76 million in total damages—a notable 60% drop from November’s $194 million.
Despite the decline, the month featured several high-profile cases that underscore ongoing risks in the sector.
One prominent breach involved Trust Wallet’s browser extension.
Over the holiday period, a compromised version led to around $7 million in unauthorized withdrawals from user holdings.
The issue was traced to a specific release, prompting the company to initiate reimbursements for verified impacted parties.
In response to user inquiries, Trust Wallet CEO Eowyn Chen clarified that the extension was briefly removed from the Chrome Web Store due to a technical glitch during an update rollout.
The new version incorporates tools in order to streamline compensation claims, enabling direct submission of ownership verification from within the extension itself.
These incidents highlight the evolving threats facing digital asset holders, from targeted drains to supply-chain compromises.
Users are now being advised to monitor all of their transactions very closely, revoke unnecessary approvals, and transfer assets to new wallets if irregularities appear. As the EVM drain attack shows no signs of abating for now at least, the crypto sector remains on high alert for further developments.