Invezz 2026-01-02 09:08:16

ZachXBT flags ongoing attack targeting crypto wallets across multiple chains

On-chain investigator ZachXBT has brought to light a major crypto draining campaign that is affecting wallets across multiple EVM chains. According to an alert on ZachXBT’s Telegram channel, an unknown attacker has been targeting several crypto wallets and stealing small amounts, notably under $2,000 per wallet.

While at first glance the losses seem minor, the large number of wallets being targeted at the same time is a concerning development, especially as the attack vector remains unknown at the moment. As of the last update, ZachXBT estimates that total losses have reached roughly $107,000, but warned that the figure may continue to increase.

At the time of publication, the investigation had not identified the attack vector that allowed the attacker to compromise these wallets, which leaves room for more victims to be affected. ZachXBT has flagged the attacker’s address: 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB.

Some community members believe that the attacks may be the result of a malicious campaign targeting MetaMask users. One X user, going by the name MechaKong, highlighted a spoof email that was reportedly sent to MetaMask users earlier in the day. The message urged recipients to upgrade to the latest version of the wallet and directed them to download a file that was not affiliated with the official source.

A screenshot of the phishing email shows a fake download link masked under a MetaMask-branded prompt, which may have tricked unsuspecting users into compromising their wallets. See below.

Vladimir S. | Officer’s Notes (@officer_secret), replying to @officer_secret, 8:12 AM · Jan 2, 2026:
"According to @Mecha_Kong, there was a spoof mm email sent out today about upgrading… could be the reason behind drains…"

Trust Wallet users were recently targeted

Last week, similar panic ensued among several Trust Wallet users who found that their wallets had been drained without warning.

Specifically, users who were operating the Trust Wallet Google Chrome extension became the victims of a large-scale heist after attackers were able to upload a malicious version, v2.68, to the Chrome Web Store on December 24, 2025. They likely carried this out using leaked API keys and pushed malicious code disguised as analytics logic, which allowed them to quietly harvest sensitive user data, specifically seed phrases.

Attackers were able to steal somewhere between $7 million and $8.5 million from hundreds of wallets across more than 2,500 affected addresses. A patch has since been released to fix the compromised version, and Trust Wallet has confirmed that it will reimburse all affected users.

Over $3 billion lost to hacks in 2025

The recent wallet-draining campaign, however, stands in sharp contrast to broader crypto attack trends in 2025, where attackers were largely found to be targeting centralized services across fewer incidents. Total losses from these concentrated events surpassed $3 billion last year, with a handful of breaches like the Bybit hack accounting for the vast majority of the stolen funds. The total number of incidents, however, dropped compared to the previous year.

Security agencies have attributed a significant portion of total crypto losses to North Korean hackers, who are believed to have netted roughly $2.02 billion through increasingly coordinated and structured operations.

The post ZachXBT flags ongoing attack targeting crypto wallets across multiple chains appeared first on Invezz.
