The cryptocurrency community is facing a troubling wave of attacks that have compromised hundreds of wallets across Ethereum-compatible (EVM) chains. According to the blockchain investigator ZachXBT, these unauthorized withdrawals have led to the loss of approximately $107,000, with the total expected to rise as the attacks persist.
The attacker appears to be strategically zeroing in on low-balance accounts, targeting wallets that typically hold less than $2,000. While the individual losses may seem minor, the cumulative effect is significant as more users report compromised assets. ZachXBT flagged a suspicious address, 0xAc2e5153170278e24667a580baEa056ad8Bf9bFB, which is believed to be connected to this alarming activity. However, the method of access remains a mystery, raising concerns about ongoing vulnerabilities within the affected chains.
As the investigation continues, victims are expressing frustration, reporting unauthorized withdrawals from their wallets. The absence of clarity on how the attack is executed only exacerbates fears of further exploitation.
Trust Wallet Experiences Breach Linked to Extension Update
In a separate incident, Trust Wallet experienced a breach related to its browser extension version 2.68. The company disclosed that a flaw in its release process enabled an attacker to exploit exposed secrets on GitHub. This led to the launch of a malicious extension, which included a backdoor that allowed the extraction of wallet mnemonic phrases, sending them directly to a harmful server.
Approximately one million users were affected, as prompts to upgrade to version 2.69 followed the emergence of the compromised extension in the Chrome Store. Trust Wallet’s CEO, Eowyn Chen, explained that the update was necessary due to a platform issue during the previous release. The new version features enhanced verification capabilities, designed to assist users with reimbursement claims. Trust Wallet reported around $7 million in losses resulting from this incident and began compensating users shortly thereafter.
Increasing Cyber Threats During December, FBI Issues Warnings
The rise in crypto-related exploits is not limited to individual incidents. Blockchain security firm PeckShield revealed that December saw 26 separate security breaches, with a total loss of $76 million. Though this amount is lower than the staggering $194.27 million lost in November, these ongoing threats remain perilous for the industry.
Researchers noted advancements in malicious tools, such as the new malware version called Shai-Hulud 3.0, which emphasizes obfuscation and compatibility to extend its operational lifespan without introducing new techniques. Attackers are reportedly obfuscating their stolen assets through services like Tornado Cash, Railgun, and THORChain, complicating traceability for investigators.
Reflecting the increasing risks, the FBI has alerted the public to rising phishing and non-delivery scams typically more pronounced during the holiday season. These scams have led to an alarming $785 million in annual losses, compounded by an additional $199 million in credit card fraud, emphasizing the pressing issue of cybercrime.
According to estimates from Chainalysis and TRM Labs, crypto thefts reached an unprecedented $2.7 billion in 2023, marking the highest yearly total on record. Notably, around $1.4 billion was stolen in a single breach affecting the Dubai-based exchange Bybit, further illustrating the vulnerabilities within the crypto landscape. Additionally, state-backed entities from North Korea are believed to have pilfered over $2 billion in cryptocurrencies over the past year, utilizing these funds to advance their programs in defiance of international sanctions.
As the crypto community grapples with these ongoing threats, the need for heightened security measures and awareness among users has never been more critical.
