Key Highlights
- EVM wallets face automated attacks, draining small amounts from hundreds of users, with total losses surpassing $107K and rising rapidly.
- Browser and third-party wallet flaws leave users exposed, highlighting urgent risks in Chrome extensions and Magic Labs login systems.
- Phishing scams and ICO exploits continue, with stolen funds often laundered via SOL and nested services, showing coordinated attack sophistication.
Crypto wallets on several Ethereum Virtual Machine (EVM) chains are under attack, and hundreds of users are losing funds. Blockchain investigator ZachXBT warned on Telegram that each wallet is losing less than $2,000, but the total stolen amount has so far exceeded $107,000, as of latest data.
Victims have reported that funds suddenly disappeared, without incremental withdrawals, which indicates a very focused and automated attack. The vulnerability used is still unknown, thus leaving users and developers in the dark.
The attack has influenced wallets belonging to high-profile projects. Megamus.hl reported on X that his wallet, holding MegaETH allocations, was compromised. “My EVM wallet got hacked today. Luckily I had already moved most of my funds out,” the victim posted on X. He pointed out that his MegaETH allocation is exposed and that the MegaETH team is searching for solutions.
Browser extension vulnerabilities raise alarm
This wave of attacks follows Trust Wallet’s confirmation of a security incident on December 26, affecting a Chrome browser extension version. ZachXBT estimates attackers drained more than $6.77 million from users’ wallets through similar breaches.
The timing also coincides with Trust Wallet’s recent update rollout, suggesting a vulnerability in the extension’s new code. Users reported sudden fund transfers, often seeing balances vanish within minutes. Many victims did not notice gradual withdrawals, indicating automated exploit scripts targeting multiple wallets.
Further threats were posed by the decentralized prediction platform Polymarket due to a breach via a third-party log-in vendor named Magic Labs. Users who logged in using the Magic Labs system had their wallet balances drained without it affecting either their devices or mail addresses.
Polymarket confirmed the issue and stated, “We recently identified and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party authentication provider.”
Phishing scams and ICO exploits
Phishing campaigns continue to plague the crypto ecosystem. SpecterAnalyst in a post on X highlighted Solana-based scams involving omnerausd and Shade_L2 ICOs. Victims lost wallet permissions and had funds siphoned into attacker-controlled addresses.
In a case, $200,000 that had been deposited into an ICO wallet was found to have originated from an address that had previously been associated with thefts amounting to $300,000. The stolen money had been mainly converted to SOL, with nested services used for trading and money laundering.
High-profile hacks highlight persistent threats
After the common wallets, prominent hacks just keep rolling. An alleged U.S. government wallet was plundered of some $20 million, which included seized 2016 Bitfinex hack cash, as of early July reporting by Arkham Intelligence.
The assailant began the process of exchanging the stablecoins for ETH, likely for money laundering via addresses known for money laundering. Such occurrences remind one that, despite the security measures employed, funds are still vulnerable to attacks.
Also Read: Iran Offers Advanced Weapons for Crypto to Bypass Global Sanctions
