Hundreds of Wallets Drained in Ongoing Cross-Chain Attack, ZachXBT Warns

Hundreds of Wallets Drained in Ongoing Cross-Chain Attack... An ongoing cross-chain attack is systematically draining hundreds of cryptocurrency wallets across multiple EVM-compatible blockchains, with losses exceeding $107,000 as blockchain investigator ZachXBT warns victims and researchers work to identify the exploit's origin. The post Hundreds of Wallets... An active cross-chain exploit is draining hundreds of crypto wallets across multiple EVM-compatible blockchains, with losses exceeding $107,000 and climbing as the attack continues.Blockchain investigator ZachXBT flagged the incident in the early hours of Friday, warning that victims are losing relatively small amounts per wallet (typically under $2,000), while the root cause remains unidentified.The coordinated attack follows a devastating December for crypto security, which saw $76 million stolen across 26 major exploits, including a $50 million address poisoning scam and the Christmas Day Trust Wallet breach that drained roughly $7 million from users.Source: TelegramAttack Pattern Emerges Across Multiple BlockchainsZachXBT identified a suspicious address (0xAc2***9bFB) that may be linked to ongoing thefts targeting EVM chains.The investigator is compiling verified addresses of theft victims as more victims come forward and is requesting that affected users contact him directly via X (formerly Twitter).The distributed attack mirrors tactics seen in recent high-profile incidents, in which attackers exploit multiple smaller wallets rather than targeting a single large holding.This approach often evades immediate detection while maximizing total extraction across compromised accounts.Security researchers note that the cross-chain nature suggests sophisticated infrastructure, with threat actors operating simultaneously across different blockchain networks to drain funds before victims can respond.Beyond EVM chains, the attack methodology resembles patterns observed in address-poisoning schemes and private-key compromises that have plagued the industry over recent months. HACKERS ARE QUIETLY STEALING FUNDS FROM EVERYDAY WALLETS ACROSS EVM CHAINSResearcher ZachXBT warns that hundreds of wallets are being drained across multiple EVM networks.Most victims lose small amounts (under $2K), but the total stolen has already reached $107K.The exactâEUR¦ pic.twitter.com/Jl6DcI0JqE- Zia ul Haque (@ImZiaulHaque) January 2, 2026 Experts emphasize that the coordinated timing and multi-chain execution indicate well-resourced attackers capable of maintaining persistent infrastructure across various blockchain environments.Trust Wallet Breach Highlights Broader Vulnerability CrisisThe alert comes days after Trust Wallet users faced fresh complications when the company's Chrome extension was temporarily removed from the Chrome Web Store, delaying a crucial claims verification tool for victims of the Christmas Day hack.Trust Wallet CEO Eowyn Chen confirmed that Google acknowledged a technical bug encountered during the new version release."We understand how concerning this is, and our team is actively working on the issue," Trust Wallet stated after identifying 2,520 drained wallet addresses linked to roughly $8.5 million in stolen assets across 17 attacker-controlled wallets.The December 25 breach stemmed from a malicious version 2.68 of Trust Wallet's browser extension, which appeared legitimate, passed Chrome's review process, but contained hidden code that extracted recovery phrases.Users who installed the compromised extension and logged in between December 24 and 26 faced immediate fund outflows across multiple blockchains, including Ethereum, Bitcoin, and Solana. @TrustWallet users affected by the Chrome extension hack are still waiting for the claims tool after the extension was pulled due to a Chrome Web Store bug#TrustWallet #CryptoSecurity #Chromehttps://t.co/O6atPd0DVa- Cryptonews.com (@cryptonews) January 1, 2026 Trust Wallet traced the incident to a broader supply-chain attack known as Sha1-Hulud, which surfaced in November and compromised multiple companies through exposed GitHub secrets and a leaked Chrome Web Store API key.The attack bypassed internal approval checks, allowing direct uploads of malicious code that appeared authentic to both automated security systems and manual reviewers.Industry Faces Human-Layer Security CrisisMitchell Amador, CEO of Immunefi, warns that the crypto sector confronts a fundamental security reckoning as attack vectors increasingly target operational vulnerabilities rather than smart contract code."The threat landscape is shifting from onchain code vulnerabilities to operational security an...