Active Cross-Chain Attack Drains Over $107K From Hundreds of Crypto Wallets

Quick Breakdown 

• A live cross-chain exploit has drained over $107K from hundreds of wallets across EVM-compatible blockchains
• Attackers are targeting many small wallets, using tactics similar to address poisoning and key compromise
• Recent breaches show crypto’s biggest threat is shifting from smart contracts to human-layer security

 

A live cross-chain exploit is draining funds from hundreds of crypto wallets across multiple EVM-compatible blockchains, with total losses now exceeding $107,000 and still rising.

Blockchain investigator ZachXBT raised the alarm early Friday, noting that while individual losses are relatively small, often below $2,000 per wallet, the scale and coordination of the attack suggest a far more serious underlying threat.

What we know so far

According to ZachXBT, the exploit appears to be linked to a suspicious wallet address (0xAc29bFB*) believed to be connected to the ongoing thefts. Victims are spread across several EVM chains, indicating a highly coordinated operation.

The investigator is actively compiling verified victim addresses and has urged affected users to reach out directly via X as the situation continues to unfold.

Rather than targeting a single high-value wallet, the attackers are draining numerous smaller wallets, a strategy that allows them to quietly extract funds while avoiding immediate detection.

Multi-Chain strategy raises red flags

Security researchers say the attack’s cross-chain execution points to sophisticated infrastructure, enabling threat actors to operate simultaneously across multiple networks.

The pattern mirrors recent crypto scams involving address poisoning and private-key compromises, where attackers exploit user behaviour or leaked credentials instead of smart contract flaws. Experts warn that this distributed approach maximizes overall gains while buying attackers time before victims can react.

Trust Wallet hack underscores growing security risks

The warning comes shortly after the Trust Wallet Christmas Day breach, which drained roughly $7–$8.5 million from users following the installation of a malicious browser extension.

Trust Wallet CEO Eowyn Chen confirmed that the company’s Chrome extension was temporarily removed from the Chrome Web Store due to a technical issue, delaying access to a claims verification tool for victims.

Investigations revealed that a compromised version (v2.68) of the extension contained hidden code that harvested users’ recovery phrases. The malicious release passed Chrome’s review process, allowing it to appear legitimate while enabling attackers to siphon funds across Ethereum, Bitcoin, and Solana.

Trust Wallet traced the incident to a wider supply-chain attack dubbed “Sha1-Hulud,” which exploited leaked GitHub secrets and a compromised Chrome Web Store API key, bypassing internal approval systems entirely.