ZachXBT Identifies Suspicious Address Linked to Hundreds of Crypto Wallets Losing Funds Across Chains

ZachXBT flags a suspicious address holding stolen crypto from nearly 20 blockchains in an ongoing attack.

Hundreds of crypto wallets on Ethereum Virtual Machine chains have been drained in small amounts. As of now, losses exceed $107,000. Each wallet reportedly lost less than $2,000. Meanwhile, blockchain investigators continue to monitor suspicious addresses while the attack’s cause remains unidentified. Users should strengthen wallet security immediately.

Small Crypto Wallet Drains Across EVM Chains

The exploit affected Ethereum, BNB, Avalanche, and Arbitrum wallets. Consequently, each victim lost under $2,000, but the total theft surpassed $107,000. ZachXBT, a blockchain investigator, flagged a suspicious address linked to these drains. Investigators are actively tracking this address as stolen assets spread across multiple chains.

SECURITY ALERT (EVM): ZachXBT reports a coordinated wallet-draining event across multiple EVM chains.

Hundreds of Wallets hit
<$2K per Victim (low-noise strategy)
~$107K Stolen so far, Still Rising
Root Cause Unknown

Suspicious Address:… pic.twitter.com/gY7ZmetY6N

— Crypto Patel (@CryptoPatel) January 2, 2026

According to DeBank, Ethereum accounts for about $54,655 of stolen funds, while BNB holds $25,545. In addition, Base, Polygon, Arbitrum, Optimism, and Avalanche show smaller amounts. As a result, attackers reduced the risk of automated detection. Analysts note the method indicates coordinated action rather than random attacks.

Connection to Trust Wallet Extension

Investigations indicate the drains may connect to the Trust Wallet’s Chrome extension compromise. In December, version 2.68 was breached, allowing attackers to collect wallet seed phrases. Subsequently, a trojanized update was pushed to the Chrome Web Store on December 24. Trust Wallet instructed one million users to upgrade to version 2.69.

Nansen and other monitoring firms confirmed the malicious version, Shai-Hulud, enabled fund transfers across multiple EVM wallets. Additionally, exposed developer secrets gave attackers direct access to Chrome Web Store API keys. This supply chain attack affected wallets beyond Trust Wallet users, demonstrating a broader risk.

Phishing Emails and Holiday Scams

Users also received phishing emails impersonating MetaMask during the holiday period. Some falsely claimed mandatory upgrades were required. Meanwhile, investigators have not confirmed a direct connection between these emails and wallet drains.

Data from Chainalysis shows individual wallet breaches contributed roughly 20% of crypto losses in 2025. Moreover, 158,000 wallet breaches affected 80,000 unique users, nearly tripling incidents recorded in 2022. As investigators continue tracking suspicious addresses, stolen funds are actively monitored across multiple chains.

Related Readings: Israel Targets Iran-Linked Crypto Wallets in Major Seizure

Ongoing Investigation and Security Advice

Users should immediately update wallet software and avoid clicking suspicious email links. Additionally, strong passwords and hardware wallets help secure digital assets. Checking transactions regularly can reveal unauthorized transfers. Meanwhile, exchanges and wallet providers monitor attacks to prevent further losses.

As a result, these ongoing wallet drains emphasize the risks in EVM-compatible wallets. Blockchain investigators continue monitoring unusual activity while users follow recommended security practices. Subsequently, updates on the exploit may reveal additional affected wallets or recovered funds.