ZachXBT has raised a fresh alarm about a live wallet‑draining campaign that targets users across multiple EVM chains, including Ethereum, Optimism, BNB Chain, Blast, and a few others, stripping small balances from a large number of addresses, with the root cause still unclear.
Hundreds of EVM User Wallets Hit For “Under $2K Each.”
According to ZachXBT’s public alerts on his Telegram channel, an active exploit targets wallets on Ethereum and other EVM‑compatible networks, with most victims losing less than 2,000 dollars per address.
He flagged the address “0xAc2e…” as a key hub for the operation and estimated that the thieves had already siphoned around 107,000 dollars when he first reported the pattern, with the total rising as more wallets drained.
The attack does not focus on a single protocol or token. Instead, it sweeps through a long tail of self‑custodial wallets, pulling out residual ETH and token balances wherever it finds exploitable keys or approvals. That structure suggests either a broad phishing campaign that harvested many seed phrases over time or a supply‑chain compromise in software that spans several chains.
Threat researchers note reports of phishing emails impersonating MetaMask that claim users must perform an urgent “security upgrade,” a well‑worn tactic that pushes victims to import seed phrases to malicious sites.
Some analysts also see possible overlap with the recent Trust Wallet browser extension incident, in which a tainted version of the extension allowed attackers to execute unauthorized transactions and drain roughly 7–8 million dollars before a patched release went live.
A Trend Toward Many Victims, Smaller Hauls
Data from Chainalysis shows a clear shift in attacker behavior. In 2025, compromises of individual wallets accounted for about 20% of all value stolen in crypto, with an estimated 158,000 wallet breaches impacting at least 80,000 unique users. The number of victims has doubled in three years, while total incidents have nearly tripled since 2022, but average damage per wallet often sits in the low thousands.
Investigators interpret this as a shift away from single, spectacular protocol exploits toward campaigns targeting everyday users at scale. Attackers face less risk of rapid blacklisting and law‑enforcement focus when they drain many small wallets instead of a single nine‑figure bridge or exchange.
READ MORE: NVIDIA Stock Price Forecast 2026: Reasons it May Hit $300 Soon
