Small Losses, Wide Impact Raise New Cybersecurity Alarms
Hundreds of Ethereum Virtual Machine (EVM) wallets have been quietly drained in a coordinated attack that targeted users across multiple blockchain networks. While individual losses were relatively small, the scale and automation of the exploit have raised serious concerns about wallet security and phishing-based attacks in the crypto ecosystem.
Onchain investigators report that each affected wallet lost less than $2,000, suggesting a strategy designed to avoid immediate detection while maximizing reach. The activity spans several EVM-compatible chains, pointing to a broad, non-chain-specific exploit rather than a single protocol failure.
Cybersecurity researchers believe the attack may have been triggered by spoofed emails impersonating MetaMask. These fraudulent messages likely tricked users into approving malicious transactions or signing harmful permissions, enabling attackers to siphon funds automatically.
The spoofed MetaMask email might be the cause of the EVM wallet drain, according to Vladimir S:
The incident is potentially connected to the December Trust Wallet breach, which resulted in $7 million in losses after a compromised browser extension was distributed through official channels. That attack stemmed from a supply chain compromise and leaked developer secrets, allowing attackers deep access to wallet infrastructure.
Security experts warn that automated, low-value exploits are becoming more common. Users are urged to revoke unnecessary smart contract approvals and remain vigilant against phishing attempts as threats continue to evolve.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.