An automated exploit has targeted Ethereum Virtual Machine (EVM) compatible wallets, siphoning less than $2,000 from each of hundreds of addresses, according to on‐chain analyst ZachXBT. The widespread nature of the attack, spanning multiple networks, suggests that sophisticated scripts were deployed to search for unlocked wallets and authorized contract approvals, enabling rapid value extraction.
Investigations indicate that the breach may be connected to the December compromise of the Trust Wallet browser extension, a supply chain incident in which injected code exposed private keys. Security researchers have linked the recent drains to a spoofed email phishing campaign, masquerading as official MetaMask communications, designed to trick users into granting malicious contract permissions.
Cybersecurity specialist Vladimir S. highlighted that the attacker likely leveraged insider knowledge or leaked credentials to bypass standard security checks. Once users accepted the approval prompts, automated bots executed transactions to transfer tokens into the exploit address. Incidents of this nature underscore the persistent threats facing self‐custody wallets when smart contract approvals are not routinely audited or revoked after use.
As a mitigation measure, experts advise wallet holders to conduct regular audits of their list of approved smart contracts and to use hardware devices or multisig solutions for high‐value funds. Platforms such as Revoke.cash and Etherscan’s allowance checker offer tools to view and revoke unwanted permissions. Meanwhile, the Trust Wallet team has committed to reimbursing victims while implementing code‐hardening measures and supply chain security protocols to prevent future incidents.
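The approval audit recommended above can also be run offline against exported event logs. The following is an added example, not code from Revoke.cash, Etherscan or Trust Wallet: it replays ERC-20 `Approval` logs in chain order and lists the allowances an owner has granted and not since revoked. All addresses and log entries are constructed placeholders, and the logs are assumed to be already normalised so that `blockNumber` and `logIndex` are integers.

```python
# Added example: replay ERC-20 Approval logs to list allowances still outstanding.
# keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # heuristic: treat values this large as an unlimited approval

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Return {(token, spender): value} for non-zero allowances granted by owner."""
    owner = owner.lower()
    latest = {}
    # Order by (block, log index) so a later revoke (value 0) overrides a grant.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def report(approvals):
    """One line per live approval, largest (unlimited) first."""
    rows = sorted(approvals.items(), key=lambda kv: -kv[1])
    return [f"{'UNLIMITED' if v >= UNLIMITED else v} token={t} spender={s}"
            for (t, s), v in rows]

def _pad(addr):
    return "0x" + addr[2:].rjust(64, "0")

def _log(block, idx, token, owner, spender, value, extra=()):
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, _pad(owner), _pad(spender), *extra],
            "data": hex(value)}

# Constructed sample data (placeholder addresses, not real contracts).
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_X, SPENDER_Y = "0x" + "c1" * 20, "0x" + "c2" * 20
SAMPLE_LOGS = [
    _log(100, 0, TOKEN_A, OWNER, SPENDER_X, 2**256 - 1),  # unlimited grant
    _log(101, 3, TOKEN_B, OWNER, SPENDER_Y, 500),         # bounded grant
    _log(105, 1, TOKEN_B, OWNER, SPENDER_Y, 0),           # later revoked
    _log(106, 0, TOKEN_A, OTHER, SPENDER_X, 42),          # different owner
]

if __name__ == "__main__":
    print("\n".join(report(outstanding_approvals(SAMPLE_LOGS, OWNER))))
```

The last `Approval` value is an upper bound, because spending through `transferFrom` reduces the allowance and not every token emits a fresh event when it does; confirm each flagged pair with the token's `allowance(owner, spender)` call before revoking.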
The exploit illustrates that, despite advances in decentralization and encryption, human factors and procurement practices remain critical vulnerabilities. The evolving threat landscape is likely to drive broader adoption of best practices, including on-chain analytics for anomaly detection and the integration of automated alert systems for unauthorized transactions, as the security community strives to reduce the window of opportunity for bad actors.