Hundreds of Wallets Drained in Ongoing Cross-Chain Attack, ZachXBT Warns
An active cross-chain exploit is currently draining hundreds of wallets across multiple EVM-compatible blockchains, with losses exceeding $107,000 and continuing to rise as investigators seek to identify the root cause.
Victims typically lose under $2,000 per wallet. Despite ongoing investigations, the exploit's root cause has not yet been identified. A suspicious address (0xAc2***9bFB) may be linked to the ongoing thefts.
Crypto researcher ZachXBT is compiling verified victim addresses and is requesting that affected users contact him via X. The attack targets many smaller wallets across chains rather than a single large holder, suggesting the use of coordinated, multi-chain infrastructure to maximize total extraction and hinder early detection.
Separately, a breach of the Trust Wallet Chrome extension has been linked to the Sha1-Hulud supply-chain attack, with 2,520 drained addresses tied to about $8.5 million across 17 attacker-controlled wallets. The compromised extension, version 2.68, contained hidden code, and Google has acknowledged a bug in this release.
In the broader industry context, December saw 26 major exploits reported by PeckShield. December hack losses fell 60% month-over-month to $76 million, down from $194.2 million in November. Notable incidents in December included a $50 million address-poisoning scam, a $27.3 million private-key leak, and a $16 million social-engineering theft impersonating Coinbase.
This ongoing cross-chain attack underscores the continuing vulnerabilities and persistent threat actors within crypto security.
