Crypto Alert: Hundreds of EVM Wallets Drained in Mysterious Attack—What’s the Vulnerability?

Hundreds of wallets connected to the Ethereum Virtual Machine ecosystem suddenly went dry overnight. No one saw it coming—and no one's claiming responsibility.

The Silent Drain

Funds vanished from EVM-compatible wallets across multiple chains. The attack vector remains unclear—no massive phishing campaign, no glaring smart contract bug announced. Security firms are scrambling. Was it a novel exploit? A coordinated private key compromise? The silence is louder than the theft.

EVM's Ubiquity Becomes the Attack Surface

The very feature that makes EVM powerful—its widespread adoption across chains like Polygon, Avalanche, and BNB Smart Chain—may have created a single point of failure. An exploit in a common library, a trusted provider's breach, or a foundational protocol flaw could have catastrophic ripple effects. Interoperability cuts both ways.

The Cold Wallet Crowd Says 'I Told You So'

Hardware wallet manufacturers are having a field day. The incident fuels the classic crypto security debate: the convenience of hot wallets versus the fortress of cold storage. Your keys, your crypto—until they're not in your possession anymore.

Trust, but Verify (Again)

This isn't just about a few hundred wallets. It's a stress test for the security assumptions underpinning a multi-trillion-dollar ecosystem. Every protocol, every bridge, every connected dApp is now under the microscope. Auditors are working double-time.

The market shrugged it off—a mere blip in the daily volatility. After all, what's a few hundred drained wallets when institutional money is flooding in? Just another cost of doing business in the digital wild west, where the only thing growing faster than the tech is the target on its back.

In brief

• EVM wallets lost less than $2,000 each, but the attack is massive.
• MetaMask phishing via fraudulent email seems to be the initial vector of this new attack.
• The suspicious address collected more than $107,000 according to on-chain investigator ZachXBT.
• The case recalls the Trust Wallet hack caused by a tainted npm package in December.

The silent heist: EVM wallets surgically siphoned

ZachXBT, the famous on-chain investigator, sounded the alarm on Telegram: a mysterious attack is currently siphoning wallets on multiple EVM chains. The suspicious address, identified as the collection point, has already collected more than $107,000, according to his estimates. The modus operandi is intriguing: each crypto wallet targeted loses less than $2,000, a low enough amount to go under the radar, but formidable due to mass effect.

“This looks like a broad automated exploitation “, explains Hackless, a Web3 cybersecurity provider, in a warning published on X.

The goal does not seem to be a splashy strike but a long series of small targeted thefts, relying on victims’ fatigue in tracking every unauthorized fund outflow. Some experts are already talking about a strategy worthy of a digital parasite: slow, lurking in the shadows, but capable of bringing down an entire ecosystem through invisible bites.

But the alert does not stop there. Vladimir S., a cybersecurity analyst, quotes another user: a fake MetaMask email, urging an update, WOULD have been the Trojan horse of this attack. This next-generation phishing plays on confusion and habit, two human flaws still too little addressed in crypto.

The other virus of crypto: trust chain vulnerabilities

The blow recalls another event still fresh in memory: the Trust Wallet hack on December 25, 2025, causing a $7 million loss. Again, the source was not a genius hacker, but a supply chain attack named “Sha1-Hulud.” npm packages, commonly used to code blockchain applications, had been contaminated.

This tainted code then allowed the attacker to infiltrate the project’s GitHub environment, steal developer secrets, and publish a tainted version of the extension on the Chrome Web Store. Result: 2,596 wallets compromised.

What if this scenario repeats? For @anndylian, a Web3 expert, insider leads should not be excluded: “This kind of ‘hack’ is not natural. There is a strong chance an insider is involved.”

What to retain from the EVM wallets attack

• $107,000 stolen from various wallets since early January 2026;
• A fraudulent MetaMask email suspected to have triggered the siphoning;
• Trust Wallet hack in December: $7 million stolen via infected npm;
• 2,596 wallets affected at Christmas, possibly by a fake Chrome plugin;
• The hypothesis of an insider agent raised by several specialists;

Year 2025 was harsh for the crypto industry. Chilling numbers circulate in the digital corridors: $3.4 billion lost in hacks and scams, according to several observers. A dark year, say some. And now 2026 starts like a remake. One might believe crypto must now learn to live with its digital ghosts.

Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.