- On-chain analysis has already identified total losses exceeding $107,000.
- Investigators have not yet confirmed any specific wallet provider or exploit vector.
- Attackers are siphoning small amounts—under $2,000 per wallet—to delay detection and spread risk widely.
A new on-chain alert has drawn attention to a stealthy but widespread crypto-theft campaign affecting hundreds of users across EVM-compatible blockchains.
The warning shared by blockchain investigator ZachXBT highlights an organized wallet-draining operation that has already resulted in more than $107,000 in cumulative losses.
What stands out in this incident is not the scale of individual thefts but the method. Rather than targeting large balances, attackers appear to be quietly siphoning modest amounts from a large number of wallets.
Most losses remain below $2,000 per address, allowing the campaign to spread without immediately drawing attention from victims or monitoring systems.
Stealthy pattern emerges
Compromised wallets span multiple EVM-compatible networks and are not limited to a single chain or ecosystem.
Transaction data reviewed by investigators shows consistent timing and similar transfer amounts, indicating a coordinated effort rather than isolated incidents.
So far, no specific wallet provider, decentralized application, or smart contract vulnerability has been identified as the entry point. There is also no official confirmation linking the drains to software updates or phishing campaigns.
What investigators have established is that stolen funds are being funneled to related addresses, suggesting involvement by a single actor or a closely connected group.
The absence of a clear exploit vector makes containment difficult.
Because it remains unclear how access was obtained, users and developers have limited immediate options beyond tightening security and increasing vigilance.
Why small losses create big risks
The financial impact on each individual user may seem limited, but the approach raises broader concerns.
By dispersing theft across many wallets, attackers can delay detection and reduce the chance of a rapid, coordinated response.
Victims might not notice missing funds for days or weeks—or may never realize they were drained.
The technique also underscores persistent risks faced by self-custody users who interact with multiple chains, protocols, and permissioned services.
Each interaction expands the potential attack surface, especially within the interconnected EVM ecosystem.
The timing of this campaign adds to unease within the crypto community.
It follows a series of security incidents at the end of 2025 that increased scrutiny on wallet approvals, secret key management, and cross-chain activity.
Exploits remain an ongoing threat
This event fits into a broader pattern of ongoing security challenges across the digital-asset space.
Blockchain security firm PeckShield reported roughly 26 major crypto attacks in December, resulting in about $76 million in losses.
Although that figure is far lower than November’s reported $194 million, it confirms that exploit activity remains active.
One of the most notable incidents during this period involved Trust Wallet, where a vulnerability tied to certain browser extension versions was exposed.
That breach, which occurred over the holiday period, led to approximately $7 million in losses.
The company later began compensating affected users and implemented updates to strengthen authentication and refund processes.
ZachXBT notes that the wallet-draining campaign is ongoing and that fund flows continue to be tracked.
At present, there is no definitive explanation for how the wallets were compromised, and no single product or service has been publicly blamed.