Hundreds of Wallets Drained on EVM Chains With No Root Cause, ZachXBT Warns — $107K Lost So Far and Counting

ccn.comPublished on 2026-01-02Last updated on 2026-01-02

Abstract

Blockchain investigator ZachXBT warns of a coordinated attack draining hundreds of crypto wallets across multiple Ethereum Virtual Machine (EVM)-compatible chains, with no confirmed root cause yet identified. The incident has resulted in approximately $107,000 in losses so far, with the total continuing to rise. Each affected wallet lost relatively small amounts, typically under $2,000, suggesting a broad but low-value attack designed to avoid detection. ZachXBT flagged a suspicious address potentially linked to the activity. This follows a separate security incident over the Christmas holiday involving unauthorized withdrawals from self-custody wallets, which Trust Wallet later confirmed was related to its Browser Extension version 2.68. These incidents highlight ongoing security risks in the EVM ecosystem, despite long-term efforts to strengthen network resilience, such as the Ethereum Foundation's "Lean Ethereum" initiative aimed at improving security and scalability.

Hundreds of crypto wallets across multiple Ethereum Virtual Machine (EVM)-compatible chains are being drained in a coordinated attack with no confirmed root cause, according to blockchain investigator ZachXBT.

The wave of attacks has raised renewed concerns over security risks across the Ethereum ecosystem, even as developers continue to explore ways to strengthen the network’s long-term resilience.

Try Our Recommended Crypto Exchanges
Sponsored
Disclosure
We sometimes use affiliate links in our content, when clicking on those we might receive a commission at no extra cost to you. By using this website you agree to our terms and conditions and privacy policy.
"}' data-trk="68df7fd8872238d510dfbf06" href="https://clicks.pipaffiliates.com/c?c=1104900&l=en&p=1" rel="nofollow" target="_blank">
XM.com<\/h3>"}' data-trk="68df7fd8872238d510dfbf06" href="https://clicks.pipaffiliates.com/c?c=1104900&l=en&p=1" rel="nofollow" target="_blank">

XM.com

promotions
Get 100% Bonus up to $100 on your first Deposit.<\/strong>"}' data-trk="68df7fd8872238d510dfbf06" href="https://clicks.pipaffiliates.com/c?c=1104900&l=en&p=1" rel="nofollow" target="_blank"> Get 100% Bonus up to $100 on your first Deposit.
Coins
28
Claim Offer
"}' data-trk="6899b9831836d97539c51aa6" href="https://www.bitunix.com/" rel="nofollow" target="_blank">
Bitunix<\/h3>"}' data-trk="6899b9831836d97539c51aa6" href="https://www.bitunix.com/" rel="nofollow" target="_blank">

Bitunix

promotions
Receive up to $100,000 worth of exclusive gifts for newcomers upon registration.<\/strong>"}' data-trk="6899b9831836d97539c51aa6" href="https://www.bitunix.com/" rel="nofollow" target="_blank"> Receive up to $100,000 worth of exclusive gifts for newcomers upon registration.
Coins
151
Claim Offer
"}' data-trk="67adf8d4f12aaec7e4808bf5" href="https://bonus.bitget.com/CCN12" rel="nofollow" target="_blank">
Bitget<\/h3>"}' data-trk="67adf8d4f12aaec7e4808bf5" href="https://bonus.bitget.com/CCN12" rel="nofollow" target="_blank">

Bitget

promotions
Earn rewards worth up to 5,000 USDT on your first deposit<\/strong>"}' data-trk="67adf8d4f12aaec7e4808bf5" href="https://bonus.bitget.com/CCN12" rel="nofollow" target="_blank"> Earn rewards worth up to 5,000 USDT on your first deposit
Coins
88
Claim Offer

Unknown Hack on EVM Chains

The incident has so far resulted in losses of about $107,000, with the total still increasing, ZachXBT said on Thursday.

Each affected wallet has lost relatively small amounts — typically less than $2,000 — suggesting a broad but low-value attack that may have been designed to avoid early detection.

“It appears hundreds of wallets are currently being drained on various EVM chains for small amounts per victim, with a root cause not yet identified,” ZachXBT said.

He flagged a suspicious address — 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB — as potentially linked to the activity.

No protocol has publicly acknowledged responsibility for the losses, and affected users span multiple blockchains that share Ethereum’s EVM architecture.

Holiday Hacks

The latest EVM chain wallet drains follow a separate security incident reported over the Christmas holiday, when a growing number of users flagged unauthorized withdrawals from self-custody wallets across multiple blockchains.

The issue was first publicly raised on Christmas Day by ZachXBT, who said he had received multiple independent reports from affected users and issued a community alert.

Within hours, the warning spread across Telegram and X, prompting concern among wallet users and security researchers.

“A number of Trust Wallet users have reported that funds were drained from wallet addresses within the past couple of hours,” ZachXBT wrote on Telegram.

He added that while the root cause had not yet been determined, the reports closely followed a recent update to the Trust Wallet Chrome browser extension.

ZachXBT cautioned that timing alone did not establish causation.

At the time, no immediate official security advisory had been issued.

Trust Wallet later released a statement confirming a security incident affecting Trust Wallet Browser Extension version 2.68.

“We understand how concerning this is and our team is actively working on the issue,” the company said.

Balancer Exploit

In November, decentralized exchange protocol Balancer suffered one of the largest DeFi exploits of the year, losing nearly $117 million after attackers drained multiple liquidity pools in rapid succession.

On-chain data showed the stolen tokens were quickly consolidated into a newly created wallet controlled by the attacker.

The Balancer hack’s stolen assets. Source: Lookonchain

Balancer later confirmed the breach stemmed from a faulty access control check in its V2 smart contracts.

The flaw allowed an attacker to bypass permission checks by supplying a malicious op.sender parameter, enabling unauthorized withdrawals from internal balances.

The exploit primarily affected older Balancer V2 pools, including those holding staked ether derivatives, and may have exposed more than $60 million in downstream protocols that relied on the same code.

Researchers Long-term Security

The latest incidents highlight ongoing security risks across the EVM ecosystem, even as Ethereum researchers outline long-term plans to harden execution.

In August, Ethereum Foundation researcher Justin Drake detailed an initiative known as “Lean Ethereum,” a proposal aimed at making the network faster and more secure.

“Ethereum is unique,” Drake wrote in a series of blog posts, citing the network’s uninterrupted uptime since launch and the scale of economic security secured by staked ether.

“Lean Ethereum is more than a blueprint for hardening and scaling Ethereum,” he wrote.

“More than just doubling down on security, decentralization, and cutting-edge cryptography. It is an aesthetic,” Drake writes.

Drake has argued that while quantum computers cannot yet break blockchain cryptography, advances over the coming decade could pose risks if networks fail to prepare.

His proposal includes new cryptographic techniques designed to make Ethereum quantum-resistant while also improving scalability.

Under the proposal, Ethereum’s main execution layer could eventually handle around 10,000 transactions per second.

Drake has suggested that real-time zero-knowledge virtual machines and advanced data availability techniques could play a central role.

Top Picks for Ethereum
  • Best Exchanges for Ethereum Get A Great Offer When You Join These Exchanges
  • Buy Ethereum Fast & Easy How To Buy Ethereum With a Credit Card Now
  • Best Online Casinos for Ethereum See Our Picks for the Best Crypto Gambling Sites

Related Questions

QWhat is the estimated total loss from the coordinated attack on EVM-compatible chains as reported by ZachXBT?

AThe estimated total loss is about $107,000, and the amount is still increasing.

QWhat is the suspected address linked to the wallet draining activity on EVM chains?

AThe suspicious address flagged by ZachXBT is 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB.

QWhich wallet extension was implicated in a separate security incident over the Christmas holiday?

AThe Trust Wallet Browser Extension, specifically version 2.68, was implicated in a security incident over the Christmas holiday.

QWhat was the root cause of the Balancer exploit that occurred in November?

AThe Balancer exploit was caused by a faulty access control check in its V2 smart contracts, allowing an attacker to bypass permission checks with a malicious op.sender parameter.

QWhat is the name of the Ethereum Foundation researcher's initiative aimed at making the network more secure and scalable?

AThe initiative is called 'Lean Ethereum,' proposed by Ethereum Foundation researcher Justin Drake to harden security and improve scalability.

Related Reads

The Ambitions of Kalshi, MTS, and a16z

"Kalshi, MTS, and a16z's Ambition" explores prediction markets as a focal point for investors in 2025. The article traces their intellectual evolution from Hayek's ideas on distributed knowledge to Robin Hanson's logarithmic market scoring rule (LMSR), which incentivizes truth-telling. Venture firm Andreessen Horowitz (a16z) invested in prediction market platform Kalshi, valuing it at $220 billion. a16z argues these markets offer "presence"—a way for individuals to actively engage with and influence world events through financial bets, countering modern detachment. This transforms participants into "super observers" and grants the platform authority in defining event truth and importance. The piece positions prediction markets as a key component of a16z's envisioned "new media" empire. This strategy involves rapid, high-intensity content across platforms to "take over the timeline." Media company MTS exemplifies this with its constant news livestreams. Ultimately, Kalshi's value lies in its "reality distortion field"—the power to shape perception through the credibility of real-money markets, making it a potent tool within a16z's broader media and influence architecture.

marsbit1h ago

The Ambitions of Kalshi, MTS, and a16z

marsbit1h ago

Breaking: OpenAI Chip Veteran Joins Anthropic

Breaking News: OpenAI Chip Veteran Joins Anthropic Clive Chan, a key early member of OpenAI's in-house chip development team, has announced his departure from OpenAI to join rival AI company Anthropic. In his statement, Chan highlighted his experience as the second hire on OpenAI's hardware team, praising its exceptional talent density but expressing a desire to "climb a new mountain from the base." He cited Anthropic's talent, values, and ambitious pace as key reasons for his move. Chan also referenced OpenAI's disclosed partnership with Broadcom, aimed at deploying a 10GW AI accelerator system starting in the second half of 2026. His career includes roles at Tesla, Google, and SpaceX, focusing on AI infrastructure and hardware. This move continues a notable trend of talent flow from OpenAI to Anthropic, following other high-profile departures like researcher Andrej Karpathy. With Anthropic's recent $65 billion funding round valuing it near $1 trillion, the competition for top AI talent between these leading firms remains intense.

marsbit1h ago

Breaking: OpenAI Chip Veteran Joins Anthropic

marsbit1h ago

a16z's Globalization Shift: Venture Capital Is Becoming the 'Driving Force' for the U.S. Tech Alliance

a16z is making a significant shift in its globalization strategy, positioning itself not just as a global investor but as a key player in aligning technology with the national security and competitive interests of the United States and its allies. The firm’s recent initiatives, including opening a Tokyo office and appointing Anne Neuberger—a former U.S. government official with deep experience in defense and technology—as Global Affairs Lead, underscore this move. It highlights how venture capital’s role is expanding beyond funding and advice to helping startups navigate complex international regulations, geopolitics, and strategic partnerships in critical sectors like AI, cybersecurity, defense tech, and supply chain resilience. By rebranding its investor relations team as the Global Partnership Team and leveraging its extensive network to connect founders with global capital and key stakeholders, a16z aims to be a "behind-the-scenes force" for scaling companies internationally. The firm has already made over 100 international investments. Ultimately, a16z frames its mission as twofold: empowering founders to build great companies and, now, actively supporting the technological leadership and alliance networks of the U.S. and its allies in an era of heightened global competition.

marsbit1h ago

a16z's Globalization Shift: Venture Capital Is Becoming the 'Driving Force' for the U.S. Tech Alliance

marsbit1h ago

Uncovering the Truth About Agent Commerce, Payments, and Infrastructure

Decoding Agent Commerce, Payments, and Infrastructure: The Reality Over the past year, I've been building infrastructure for the Agent economy, engaging with major players like Stripe, Visa, Coinbase, Google, and dozens of startups. A clear conclusion emerges: true, large-scale demand does not yet exist. Startups face structural challenges. Data points illustrate this gap. Stripe's Agent commerce platform has over 1,000 merchants but only single-digit transacting agents. Visa's Agent payment token requires 9-month KYC and a $250M revenue threshold, accessible only to giants like Amazon. On-chain analysis reveals actual daily Agent transaction volume is around $17k, half of which are test transactions. The article analyzes four potential markets: **1. Agent-to-Merchant (A2M):** Current AI shopping UX is often inferior to traditional e-commerce for visual, comparison-heavy purchases (clothing, electronics). Chat interfaces are a step back. Real merchant interest is defensive "Agent Engine Optimization," fearing future obsolescence, not current demand. Potential exists in high-frequency, low-decision purchases (e.g., food delivery) or simplifying terrible UX (complex checkouts, non-native shoppers), but these require massive consumer distribution channels dominated by giants like DoorDash and Amazon. **2. Agent-to-API (A2A):** Developers already have subscriptions and billing for core APIs (compute, data). The argument for micro-payments via crypto for sub-dollar API calls is addressed by pre-paid balances today. The deeper issue is supplier resistance; major SaaS firms rely on enterprise contracts, not fractional cent pricing. Opportunity lies in the long tail of niche services, but this is a smaller market catering to developers, a historically low-paying group. **3. Agent-to-Agent (A2A):** This remains a theoretical long-term vision with near-zero current transaction volume. It involves unique challenges: discovery, trust, negotiation, dispute resolution. When it materializes, it will require a fundamentally new settlement infrastructure for high-speed, variable-value, multi-party transactions. It's a real long-term bet, but not the current market. **4. Agent-to-Finance (A2F):** This is the only category with existing, paying demand. Integrating AI into financial workflows (trading, portfolio management) is a natural evolution and enables new capabilities like autonomous rebalancing. However, competition favors incumbents with regulatory licenses, compliance infrastructure, and existing client relationships. **The Real Issue:** Why is infrastructure still being built? Incumbents can afford long-term bets, and payment companies see every problem as a nail for their payment hammer. However, payment is just one piece. The core challenge is *coordination*—orchestrating work between Agents and humans, verifying outcomes, and settling results. Payment is part of settlement, which is part of coordination. Companies that solve the coordination problem will subsume payments, not the other way around. Startups lack the infinite runway of giants and must find today's real market, which, after a year of exploration, lies outside these four categories—in an area with real, growing, and underserved activity.

marsbit1h ago

Uncovering the Truth About Agent Commerce, Payments, and Infrastructure

marsbit1h ago

Kalshi, MTS, and a16z's Ambition

The article "Kalshi, MTS, and a16z's Ambition" explores prediction markets as a focal point of excitement in 2025 for investors, crypto enthusiasts, and media. It traces their intellectual lineage from Friedrich Hayek's ideas on dispersed knowledge and market coordination to Robin Hanson's Logarithmic Market Scoring Rule (LMSR), which incentivizes truthful information sharing. The piece argues that a16z's significant investment in prediction market platform Kalshi (valued at $220B) transcends mere financial speculation. a16z frames prediction markets as a new form of "media" that provides "presence"—a way for individuals to actively engage with and influence world events through financial stakes, countering postmodern detachment. By wagering on outcomes, users become "super observers," and the market's aggregated probabilities gain authoritative power to define event truth and importance. The article uses media company MTS ("Monitoring The Situation") as a case study of a16z's "new media" strategy: rapidly producing high-intensity, multi-format content to "take over the timeline." However, prediction markets like Kalshi are presented as the ultimate piece in this media empire. Their real-money, crowd-sourced probabilities possess a unique "reality distortion field" and perceived objectivity, potentially swaying public opinion and granting a private company unprecedented interpretive power over reality. Ultimately, Kalshi's immense valuation is attributed not just to its exchange model, but to its role as a foundational component in a16z's envisioned new media landscape, where prediction markets define narrative and truth.

链捕手1h ago

Kalshi, MTS, and a16z's Ambition

链捕手1h ago

Trading

Spot
Futures
活动图片

Hot Categoriesright-arrow

Hot Tagsright-arrow