In a disturbing development, hundreds of crypto wallets across Ethereum-compatible (EVM) chains are being drained in a continuing assault. The on-chain investigator ZachXBT reported the incident through his Telegram channel, revealing that victims have collectively lost approximately $107,000, a figure that is likely to rise as the attack persists.
The attacker is focusing on low-balance wallets, targeting accounts with funds under $2,000 each. While individual losses may seem minor, the cumulative effect is significant as more wallets fall victim to this breach. ZachXBT has flagged a suspicious address, 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB, which is believed to be linked to the ongoing thefts. However, the method by which the attacker gains access to these wallets remains unknown, raising concerns about potential vulnerabilities that could be exploited further.
Trust Wallet Breach and Broader Security Concerns
In a related incident, Trust Wallet acknowledged a separate breach associated with its browser extension version 2.68 during the holiday season. The company disclosed that exposed secrets on GitHub enabled the attacker to bypass standard release protocols. A trojanized version of the extension was deployed, capable of harvesting users” wallet mnemonic phrases, which were then sent to a malicious server.
Following this breach, around one million users were urged to update to version 2.69 after the compromised extension appeared on the Chrome Store. Trust Wallet”s CEO, Eowyn Chen, explained that technical issues during the update process temporarily made the extension unavailable. The update included a verification feature to assist reimbursement claimants in proving wallet ownership. Trust Wallet confirmed losses of approximately $7 million from this incident and initiated compensation for affected users.
Escalating Crypto Exploits and FBI Alert
The frequency of crypto-related exploits surged during December, as reported by PeckShield, which identified 26 separate incidents resulting in around $76 million in stolen funds. Though this amount was lower than the $194.27 million lost in November, the trend indicates an alarming continuation of attacks across various platforms.
Research has indicated that a new version of malware, dubbed Shai-Hulud 3.0, features enhanced obfuscation techniques, designed to prolong its effectiveness without introducing new methods. Additionally, Nansen has suggested that attackers may be routing stolen assets through services like Tornado Cash, Railgun, and TRON, complicating efforts to trace the movements of these illicit funds.
The FBI has issued warnings to Americans regarding the rise in phishing and non-delivery scams during the holiday season, which have collectively contributed to $785 million in annual losses. Additionally, credit card fraud accounted for a further $199 million, intensifying concerns about seasonal cybercrime that targets personal and financial data.
In light of these developments, the scale of crypto thefts reached an unprecedented $2.7 billion last year. The largest single attack targeted the Dubai-based exchange Bybit, resulting in approximately $1.4 billion stolen in one breach. Additionally, state-linked North Korean groups have reportedly pilfered over $2 billion in cryptocurrencies over the past year, amassing a total of around $6 billion since 2017, largely to fund programs despite international sanctions.
