- More than $107,000 in total losses have already been identified through on-chain analysis.
- No specific wallet provider or exploitation vector has yet been confirmed by investigators.
- Attackers are draining small amounts under $2,000 per wallet, delaying detection and spreading risk widely.
A new on-chain alert has drawn attention to a discreet but widespread campaign of crypto theft affecting hundreds of users across EVM-compatible blockchains.
The alert, shared by blockchain investigator ZachXBT, points to a coordinated wallet-draining operation that has already resulted in over $107,000 in cumulative losses.
What distinguishes this incident from many others is not the size of individual thefts but the method. Rather than targeting large balances, the attacker appears to siphon relatively small sums from a large number of wallets.
Most losses are under $2,000 per address, allowing the activity to spread quietly without immediately attracting attention from victims or monitoring systems.
A creeping pattern emerges
The affected wallets span multiple EVM-compatible networks, confirming that this is not limited to a single chain or ecosystem.
Transaction data reviewed by investigators shows consistent timing and similar transfer amounts, indicating a coordinated effort rather than isolated incidents.
So far, no specific wallet provider, decentralized application, or smart contract vulnerability has been identified as the entry point. There has also been no official confirmation linking the drains to compromised software updates or phishing campaigns.
What has been established is that the stolen funds are being funneled into related addresses, suggesting a single actor or a closely linked group is responsible.
This lack of a clear exploitation vector has complicated efforts to contain the problem.
Without knowing how access is gained, users and developers are left with limited immediate options beyond increased vigilance.
Why small losses create big risks
Although the financial impact on individual users may seem limited, the method raises broader concerns.
By spreading theft across many wallets, attackers can delay detection and reduce the likelihood of rapid, coordinated responses.
Victims may notice missing funds days or weeks later, if at all.
The approach also highlights the persistent risks self-custody users face when interacting with multiple chains, protocols, and permissions.
Each interaction increases the attack surface for potential compromise, especially within the interconnected EVM ecosystem.
The timing of the incidents has heightened unease in the crypto community.
This follows a series of security breaches late in 2025 that renewed scrutiny around wallet approvals, private key handling, and cross-chain activity.
Exploits remain a constant threat
This episode fits a broader pattern of ongoing security challenges in the digital-asset sector.
Data from blockchain security firm PeckShield shows December saw roughly 26 major crypto exploits, resulting in losses around $76 million.
Although that total was significantly lower than November’s $194 million, it confirms that exploit activity remains persistent.
One of the most prominent incidents in the period involved Trust Wallet, which revealed a security issue tied to a specific version of its browser extension.
The breach, occurring during the holiday period, resulted in approximately $7 million in losses.
The company has since begun compensating affected users and rolling out updates to strengthen verification and refund processes.
ZachXBT said the wallet-draining case is still evolving, with fund movements under ongoing observation.
There is currently no confirmed explanation for how the wallets were compromised, and no single product or service has been publicly blamed.