- Total losses exceeding $107,000 have already been identified through blockchain analysis.
- No specific wallet provider or exploit vector has been confirmed by investigators so far.
- Attackers are stealing relatively small amounts—under $2,000 per wallet—delaying detection and spreading risk widely.
A new alert in the blockchain community has drawn attention to a low-profile but widespread crypto-theft campaign that has affected hundreds of users across multiple EVM-compatible blockchains.
The warning, shared by blockchain researcher ZachXBT, points to a coordinated wallet-draining operation that has produced cumulative losses topping $107,000.
What sets this incident apart is not the size of individual thefts but the method. Rather than targeting large balances, the attacker appears to siphon relatively small amounts from a large number of wallets.
Most losses remain under $2,000 per address, allowing the activity to spread quietly without immediately triggering victims’ attention or automated monitoring systems.
Hidden pattern emerges
The affected wallets span several EVM-compatible networks, indicating the campaign is not limited to a single chain or ecosystem.
Transaction data analyzed by investigators shows consistent timings and similar transfer sizes, suggesting coordinated action rather than isolated incidents.
So far, no particular wallet provider, decentralized application, or smart contract vulnerability has been identified as the entry point. There is also no confirmed link to compromised software updates or phishing campaigns.
Funds appear to be routed to related addresses, which suggests a single actor or a closely affiliated group is responsible.
The absence of a clear exploit vector has complicated efforts to contain the problem.
Without knowing exactly how access is obtained, users and developers have limited immediate options beyond increased vigilance.
Why small losses create big risks
Although the financial impact on individual users may seem limited, the tactic raises broader concerns.
By spreading theft across many wallets, attackers can delay detection and reduce the likelihood of swift, coordinated responses.
Victims may only notice missing funds days or weeks later, if they notice at all.
This approach also highlights persistent risks faced by self-custody users who interact with multiple chains, protocols, and approvals.
Each interaction expands the attack surface for potential compromise, especially within the interconnected EVM ecosystem.
The timing of this campaign has heightened alarm within the crypto community.
It follows a series of security incidents in late 2025 that renewed focus on wallet approvals, private key management, and cross-chain activity.
Exploits remain a persistent threat
This episode fits within the broader picture of ongoing security challenges in the digital asset space.
Data from blockchain security firm PeckShield showed roughly 26 major crypto exploits in December, resulting in around $76 million in losses.
Although that figure is far below November’s $194 million, it underscores that exploitation remains a persistent issue.
One widely reported incident from that period involved Trust Wallet, where a security problem related to a specific browser extension version led to roughly $7 million in losses during the holiday season.
Since then, the company has taken steps to reimburse affected users and implemented updates to strengthen verification and recovery processes.
ZachXBT reported that the wallet-draining matter is still unfolding and that fund movements continue to be tracked.
At present, there is no confirmed explanation for how wallets were compromised, and no product or service has been publicly accused.