ZachXBT Flags Ongoing Wallet Exploit With Losses Exceeding $107,000

Markets 2026-01-04 10:49

An active exploit is draining hundreds of crypto wallets, with losses amounting to around $107,000 and continuing to rise as investigators work to identify the source.

The breach, identified by blockchain investigator ZachXBT, highlights the ongoing risks faced by digital asset holders in the crypto industry.

Ongoing Exploit Siphons Small Amounts From Hundreds of Crypto Wallets

The exploit targets crypto wallets on various Ethereum Virtual Machine (EVM) compatible blockchains, draining small amounts from each victim. According to ZachXBT’s investigation, each affected wallet has lost under $2,000.

The investigator also identified a suspicious address, 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB.

“It appears hundreds of wallets are currently being drained on various EVM chains for small amounts (<$2k total per victim) with a root cause not yet unidentified. So far ~$107K has been drained from them with the theft total still increasing,” ZachXBT posted on Telegram.

The tactic shows signs of coordination rather than random attacks. By spreading out individual losses, the perpetrators reduce the chance of triggering automated alerts while maximizing profits.

Meanwhile, ZachXBT added that the precise cause is not yet known. However, users on X (formerly Twitter) reported receiving a phishing email impersonating MetaMask. The email falsely claimed a mandatory upgrade was required.

“According to @Mecha_Kong, there was a spoof mm email sent out today about upgrading… could be the reason behind drains…,” Vladimir, a threat researcher, posted.

Others have speculated that the activity could be connected to Trust Wallet’s recent browser extension incident.

Last week, a malicious version of Trust Wallet’s browser extension (v2.68) was listed on the Chrome Web Store. This allowed attackers to access wallet data and execute unauthorized transactions.

“We have identified 2,520 wallet addresses that were affected by this incident and drained by the attackers, with approximately $8.5 million in assets impacted that can be associated with 17 wallet addresses controlled by the attacker. It is important to note that we found that these attacker addresses also drained wallet addresses NOT associated with Trust Wallet and this incident. We are actively tracking other wallet addresses that may have been impacted and will release updated numbers once we have confirmation,” the team stated.

Nonetheless, at this stage, investigators have not officially confirmed a direct link between the current wallet drains and either the phishing campaign or the Trust Wallet incident.

Individual Wallet Breaches in 2025

This incident underscores the persistent threat faced by cryptocurrency users. Data from Chainalysis shows that in 2025, compromises involving individual wallets accounted for roughly 20% of the total value stolen across the crypto ecosystem.

During the year, attackers carried out an estimated 158,000 wallet breaches, impacting at least 80,000 unique victims. This marks a sharp increase compared with 2022, when approximately 54,000 wallet compromises were recorded, affecting around 40,000 users.

The number of victims has therefore doubled in just three years, while the total number of incidents has nearly tripled. Still, compared with 2024, the trend shows a decline, with losses falling from a peak of $1.5 billion in 2024 to $713 million in 2025.

“This suggests that attackers are targeting more users, but stealing smaller amounts per victim,” Chainalysis said.

The latest incident indicates that security vulnerabilities remain a major concern in 2026 as well. As investigators continue to monitor the suspicious address and analyze the attack pattern, the crypto community is weighing how to balance decentralization with stronger security measures. The coming days may reveal more victims or progress in tracing the stolen funds.
