- On-chain analysis has already confirmed total losses of over $107,000.
- Investigators have not yet identified a specific wallet provider or exploit vector.
- Attackers are skimming small amounts of less than $2,000 per wallet, delaying detection and spreading the risk.
A new on-chain alert has drawn attention to a discreet but widespread cryptocurrency theft campaign affecting hundreds of users across EVM-compatible blockchains.
Warning shared by blockchain investigators ZachXBTIt represents a joint fund-draining operation that has already resulted in cumulative losses of more than $107,000.
What is different about this case is not the scale of individual thefts, but how they are carried out. Rather than targeting large balances, the attackers appear to be extracting relatively small amounts from multiple wallets.
Most losses remain below $2,000 per address, allowing activity to spread quietly without attracting the immediate attention of victims or monitoring systems.
A secret pattern emerges
We confirm that the affected wallets span multiple EVM-compatible networks and are not limited to a single chain or ecosystem.
Transaction data reviewed by investigators shows consistent timing and similar transfer amounts, indicating a coordinated effort rather than isolated incidents.
To date, no specific wallet provider, decentralized application, or smart contract vulnerability has been identified as an entry point. There is also no official confirmation linking the leak to a compromised software update or phishing campaign.
It was confirmed that stolen funds were flowing to the relevant addresses, suggesting that a single actor or closely linked group was responsible.
Efforts to contain the problem have been complicated by the lack of a clear exploitation vector.
Without knowing how to gain access, users and developers are left with limited immediate options other than hardened perimeters.
Why Small Losses Bring Big Risks
While the financial impact on individual users may seem limited, the method itself raises broader concerns.
By spreading the theft across multiple wallets, attackers delay detection and reduce the likelihood of a rapid, coordinated response.
Victims may discover missing funds days or weeks later.
This approach also highlights the ongoing risks faced by self-managed users interacting with multiple chains, protocols, and permissions.
Each interaction increases the surface area for potential compromise, especially within the interconnected EVM ecosystem.
The timing of the incident added to the anxiety in the cryptocurrency community.
This follows a series of security breaches in late 2025 that reopened investigations into wallet authorization, private key management, and cross-chain activity.
Exploits still remain a persistent threat.
This episode fits into a broader pattern of ongoing security issues across the digital asset sector.
Data from blockchain security companies PeckShield In December, there were approximately 26 major cryptocurrency attacks resulting in losses of approximately $76 million.
While this total is significantly lower than November’s $194 million, it confirms that exploit activity is still ongoing.
One of the most notable events of the period trusstea walletThis disclosed a security issue related to a specific version of the browser extension.
The breach, which occurred over the Christmas period, resulted in approximately $7 million in losses.
The company has since begun compensating affected users and introduced updates to strengthen verification and refund processes.
ZachXBT said the wallet drain case is still ongoing and fund movements are still being tracked.
There is currently no confirmed explanation for how the wallets were compromised, and no single product or service has been publicly criticized.