The Silent Drain
A new, unidentified attack vector is actively siphoning funds from hundreds of EVM-compatible wallets, with no clear root cause yet confirmed. On-chain investigator ZachXBT identified the wave of unauthorized transfers late Thursday, noting the attacker is targeting users across Ethereum, BNB Chain, and Polygon.
Unlike high-profile bridge hacks that drain millions in seconds, this exploit plays a volume game. Victims are losing relatively small sums, mostly under $2,000, allowing the attacker to stay under the radar of automated security monitors. The cumulative theft currently exceeds $107,000 and is rising hourly.
The Receipt
The stolen funds are consolidating at a specific address: 0xAc2…9bFB. Etherscan has already flagged the address as involved in a phishing/exploit campaign.
It appears hundreds of wallets are currently being drained on various EVM chains for small amounts (<$2k total per victim) with a root cause not yet identified.
Institutional Context: Fear of the Unknown
The lack of a confirmed vector, such as a specific compromised protocol or phishing link, is the primary risk factor here. Speculation points to a potential connection with the recent Trust Wallet browser extension vulnerability (v2.68), which saw $8.5 million stolen over the holidays. However, ZachXBT emphasized that a direct link remains unproven.
Despite the security alert, the broader market remains unfazed. Trust Wallet Token (TWT) held steady at $0.88 (+0.5%), while Ethereum (ETH) pushed higher to $3,111 (+4.1%), suggesting traders view this as a retail-level hygiene failure rather than a systemic protocol threat.
Outlook
Until a vector is isolated, users should revoke indefinite token approvals and verify browser extension versions immediately. The “low and slow” nature of this attack suggests an automated script harvesting private keys from a previously compromised database.
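To make the approval-revocation advice concrete, the following added example (not from ZachXBT or any wallet vendor) replays ERC-20 Approval logs for one wallet and lists the token/spender pairs whose latest allowance is still effectively unlimited. It assumes logs in the JSON-RPC eth_getLogs shape; the addresses, the sample logs and the 2^255 cutoff are constructed for illustration.

```python
# topic0 of the ERC-20 event Approval(address,address,uint256)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 1 << 255  # assumption: allowances this large count as "indefinite"
MAX_UINT256 = (1 << 256) - 1

def _addr(topic):
    """Last 20 bytes of a 32-byte indexed topic, as a lowercase address."""
    return "0x" + topic[-40:].lower()

def outstanding_unlimited(logs, owner):
    """Return sorted (token, spender) pairs whose latest allowance from owner is unlimited."""
    owner, latest = owner.lower(), {}
    # Replay in chain order so a later revoke (amount 0) overrides an earlier grant.
    key = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=key):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes tokenId (4 topics): not an allowance.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if _addr(topics[1]) != owner:
            continue
        amount = int(log["data"], 16) if len(log["data"]) > 2 else 0
        latest[(log["address"].lower(), _addr(topics[2]))] = amount
    return sorted(pair for pair, amt in latest.items() if amt >= UNLIMITED_FLOOR)

# --- Constructed sample data (placeholder addresses, not real contracts) ---
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B, NFT = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SPENDER_X, SPENDER_Y = "0x" + "cc" * 20, "0x" + "dd" * 20

def _topic(addr):
    return "0x" + "0" * 24 + addr[2:]

def _log(token, owner, spender, amount, block, index, extra=None):
    topics = [APPROVAL_TOPIC, _topic(owner), _topic(spender)] + ([extra] if extra else [])
    data = "0x" if amount is None else "0x" + format(amount, "064x")
    return {"address": token, "topics": topics, "data": data,
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    _log(TOKEN_A, OWNER, SPENDER_X, 0, 120, 0),            # revoke, listed out of order
    _log(TOKEN_A, OWNER, SPENDER_X, MAX_UINT256, 100, 3),  # earlier unlimited grant
    _log(TOKEN_B, OWNER, SPENDER_Y, MAX_UINT256, 110, 1),  # unlimited, never revoked
    _log(TOKEN_A, OWNER, SPENDER_Y, 1000, 111, 0),         # finite allowance
    _log(TOKEN_B, OTHER, SPENDER_X, MAX_UINT256, 112, 0),  # someone else's wallet
    _log(NFT, OWNER, SPENDER_X, None, 113, 0, extra="0x" + "0" * 63 + "7"),  # ERC-721
]

if __name__ == "__main__":
    for token, spender in outstanding_unlimited(SAMPLE_LOGS, OWNER):
        print(f"revoke: token {token} spender {spender}")
```

Allowances are per chain, so the same replay has to be run against logs from each network the wallet uses. Log-derived state is an approximation; confirm each finding with the token's `allowance(owner, spender)` call before and after revoking.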