Hundreds of wallets have been leaked in an ongoing cross-chain attack, ZachXBT warns
Crypto journalist
Anas Hasan
Crypto journalist
Share
An active cross-chain exploit is draining hundreds of crypto wallets across multiple EVM-compatible blockchains, with losses exceeding $107,000 and increasing as the attack continues.
Blockchain researcher ZackXBT reported on the incident early Friday, warning that victims were losing relatively small amounts per wallet (typically less than $2,000) while the root cause remained anonymous.
The coordinated attack follows December's devastating crypto security disaster in which $76 million was stolen in 26 major exploits, including a $50 million address poisoning scam and a Christmas Day Trust Wallet breach that drained $7 million from users.
A pattern of attacks emerges across multiple Blockchains.
ZachXBT identified a suspicious address (0xAc2***9bFB) associated with ongoing thefts targeting EVM chains.
As more victims come forward, the investigator is compiling the addresses of confirmed stolen victims and asking affected users to contact him directly on X (formerly Twitter).
The distributed attack reflects tactics seen in recent high-profile incidents, where attackers use multiple smaller wallets instead of targeting one large holding.
This approach often avoids immediate detection by maximizing total withdrawals in hacked accounts.
Security researchers say the cross-chain nature suggests a sophisticated infrastructure where threat actors are operating simultaneously across multiple blockchain networks to drain victims of their funds before they can react.
Beyond EMM chains, the attack method resembles patterns seen in address poisoning schemes and private-key compromises that have plagued the industry in recent months.
Experts emphasize that the integrated timing and multi-chain execution means attackers have the best resources to maintain a continuous infrastructure across different blockchain environments.
The trust wallet breach highlights a broader vulnerability crisis
The alert comes days after Trust Wallet users experienced new problems when the company's Chrome extension was temporarily removed from the Chrome Web Store, delaying a critical claims verification tool for victims of the Christmas Day hack.
Eoin Chen, CEO of Trust Wallet, confirmed that Google was aware of the technical bug it encountered during the release of the new version.
“We understand how this happened and our team is actively working on it,” TrustWallet said after identifying 2,520 leaked wallet addresses linked to approximately $8.5 million in stolen assets in 17 attacker-controlled wallets.
The December 25 breach came from a malicious version of the Trust Wallet browser extension 2.68 that appeared to be legitimate and passed Chrome's review process, but contained hidden code that generated recovery phrases.
Users who installed the compromised extension and logged in between December 24th and 26th experienced rapid cash flow across multiple blockchains, including Ethereum, Bitcoin and Solana.
TrustWallet followed the incident with a massive supply chain attack called Sha1-Hulud that emerged in November and put several companies at risk with exposed GitHub secrets and a leaked Chrome Web Store API key.
The attack bypassed internal validation checks, allowing for the direct upload of malicious code that was valid for both automated security systems and manual reviewers.
Industry faces a human-layer security crisis.
Mitchell Amador, CEO of Immunefi, warns that the crypto sector is facing a fundamental security calculus as attack vectors are targeting operational vulnerabilities rather than smart contract code.
“The threat landscape is shifting from onchain code vulnerabilities to operational security and treasury-level attacks,” he told Cryptonews. “As the Code Gets Harder, Attackers Are Targeting the Human Body.”
While hacking losses fell 60 percent over the month to $76 million in December, compared to $194.2 million in November, security experts stressed continuing threats.
“Crypto is facing a security bill,” Amador said. “Most of the hacks this year weren't due to poor auditing, they were caused by post-launch, protocol updates, or integration vulnerabilities.”
Blockchain security firm PeckShield documented 26 major exploits in December, with address poisoning and private key leaks leading to significant losses.
One victim lost $50 million to the intended destination by mistakenly copying a fraudulent address.
Another major incident was a private key leak tied to a multi-signature wallet, which resulted in a loss of nearly $27.3 million.
The industry's vulnerability extends beyond technical exploits to social engineering schemes, with Brooklyn resident Ronald Spector accused of defrauding 100 Coinbase users of $16 million by impersonating company employees.
Trending news, recommended popular crypto topics, price predictions
