A new wave of targeted wallet-draining attacks has become a cause for concern among crypto investors, highlighting the importance of security in the crypto space is still a major concern. According to a report released by on-chain analyst ZachXBT, hundreds of wallets across various EVM-compatible chains have been hit with security breaches in recent days.
The crypto expert said that a hacker is going after wallets with small amounts of money, mostly less than $2,000 per person. The losses keep piling up as the attacks go on.
While each loss might seem minor, the total amount stolen so far has already reached around $107,000, and ZachXBT warned that the number could grow with no end in sight for these attacks.
The exploits come at a time when the entire crypto market has grappled with surging security lapse and hacks in 2025. The incident comes right after the Trust Wallet exploit that took place last week. Trust Wallet lost $7 million during the recent Christmas holidays because of a security breach in a certain version of their browser extension. It has now started the process of returning the stolen funds to impacted users.
Wallet Drain Attacker Remains Unknown as Entry Point Stays Unclear
So far, the individual or group behind the thefts remains unidentified, although ZachXBT flagged a suspicious address linked to the activity: 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB.
It is also unclear how the hack has been carried out, leaving more wallets at risk.
Experts warn that as the cryptocurrency market expands, platforms and users must remain watchful and give higher security measures top priority in order to safeguard their assets.
Wallet Drain Incident Unfolds Amid Broader Wave of Crypto Exploits
The incident occurred amid an ongoing wave of cryptocurrency-related exploits. A Thursday article by PeckShield, a blockchain security startup, said that there were about 26 major cryptocurrency vulnerabilities in December that cost a total of about $76 million.
Wallet drain attacks became one of the most common security threats in the crypto ecosystem, especially in 2025. The year saw hack attacks resulting in the theft of as many as hundreds of thousands of personal wallets with the subsequent transfer of funds into chains that supported the EVM and other networks.
During the first half of 2025, the total loss incurred by wallets as a result of wallet drainers like fake dApp landing pages, vulnerable browser extensions, and social engineering attacks was $1.93 billion.
Many people using Trust Wallet and MetaMask have lost millions of dollars due to phishing sites as well as extension exploits. According to data on the blockchain, a total of over 80,000 victims have fallen victim to over 158,000 wallet breaches, a move that was influenced by the adaptation of the attackers, who have utilized automation.
Security specialists argue that both developers and users must maintain good wallet hygiene and harden themselves against ever more sophisticated threats, which are becoming increasingly advanced in order to adequately protect their valuables against this ever-growing trend.
Why Are Wallet Drains So Dangerous?
Wallet drains have become one of the most worrying security problems in crypto, mainly because they don’t rely on breaking blockchains.
These breaches commonly rely on tricking people. Instead of hacking a network, attackers trick people into signing off on a bad transaction or approval, usually through fake websites, phishing links, hacked social media accounts, and even customer support. Once a wallet signs it, the money can be taken out in seconds, and there is almost no chance of getting it back. These scams have gotten worse as self-custody and DeFi have grown, where people often connect wallets and sign transactions.
In 2023, a number of NFT collectors lost millions of dollars after clicking on “free mint” links that gave attackers full spending rights. More recently, hijacked X accounts of crypto figures have posted fake announcements, leading followers to connect wallets and lose their assets.
What makes wallet drains especially painful is that everything looks “legitimate” on-chain, something the user technically approved. That’s why education, clearer wallet warnings, and tools to preview or revoke permissions are becoming essential.
