Hundreds of cryptocurrency wallets across multiple Ethereum Virtual Machine (EVM)–compatible blockchains have been drained in an ongoing attack that has yet to be fully understood. The activity was first highlighted by prominent onchain investigator ZachXBT, who says losses are continuing to climb as the attacker remains unidentified.
According to updates shared on ZachXBT’s Telegram channel, the attacker appears to be targeting a large number of wallets rather than going after high-value accounts. Most victims have lost relatively small amounts, typically less than $2,000 per wallet. While these individual losses may seem limited, their cumulative effect is becoming increasingly significant.
#PeckShieldAlert December 2025 witnessed ~26 major crypto exploits, resulting in total losses of ~$76M.
— PeckShieldAlert (@PeckShieldAlert) January 1, 2026
This figure represents a decrease of over 60% from November's total of $194.27M, marking a significant reduction in monthly losses.
Notably:
🔺Wallet 0xcB80...819 lost $50M… pic.twitter.com/CNW3R6646j
As of the most recent estimate, total losses have reached roughly $107,000. ZachXBT cautioned, however, that this figure is likely to rise as the exploit remains active and additional compromised wallets are discovered.
One of the most concerning aspects of the incident is that the initial point of entry has not yet been identified. Without clarity on how wallets are being accessed, users across EVM chains may continue to face risk. Although no suspect has been publicly named, ZachXBT has flagged one wallet address — 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB — as potentially linked to the activity.
This latest incident comes during a broader period of heightened security challenges in the crypto sector. Blockchain security firm PeckShield reported that December saw approximately 26 major crypto exploits, with total losses estimated at $76 million. While still substantial, that figure represents a sharp 60% drop from November, when losses reached around $194.27 million.
Among December’s more notable cases was a security incident involving Trust Wallet. During the Christmas holiday period, the wallet provider disclosed an exploit affecting a specific version of its browser extension. The issue led to approximately $7 million in user losses.
Trust Wallet has since initiated a compensation process for affected users. Addressing community concerns, CEO Eowyn Chen explained on Thursday that the browser extension had been temporarily removed from the Chrome Web Store due to a platform-side issue encountered during a version update. She noted that the newly released version includes an added feature allowing reimbursement claimants to submit verification codes directly through the extension, helping the company confirm wallet ownership more efficiently.
Some may have noticed that the @trustwallet Browser Extension is temporarily unavailable on the Chrome Web Store. We hit a Chrome Web Store bug 😢 while releasing a new version that includes a feature to help reimbursement claimants submit verification codes from their extension…
— Eowync.eth (@EowynChen) December 31, 2025
Taken together, these incidents highlight ongoing security challenges facing the crypto ecosystem, even as overall exploit-related losses show signs of slowing. For users, the situation underscores the importance of staying alert, keeping software up to date, and monitoring wallets closely during periods of active threat.
As investigations continue and security teams work to identify vulnerabilities, the industry will be watching closely for answers — and for measures that can help prevent similar attacks in the future.
