A coordinated wave of cryptocurrency theft is unfolding quietly across multiple blockchain networks, targeting everyday users rather than high-profile wallets.
While no single incident appears catastrophic on its own, the cumulative impact is becoming increasingly difficult to ignore.
Blockchain investigator ZachXBT has flagged an ongoing series of wallet-draining incidents affecting hundreds of addresses across EVM-compatible chains. The defining characteristic of the attack is its scale-by-volume approach. Most victims lose less than $2,000, an amount small enough to avoid immediate alarm, yet large enough to add up quickly when repeated hundreds of times.
So far, on-chain analysis estimates that approximately $107,000 has been drained. That number continues to rise as new compromised wallets are identified. The activity was highlighted publicly through an aggregated dashboard shared by ZachXBT and later amplified by the broader security community.
HACKERS ARE QUIETLY STEALING FUNDS FROM EVERYDAY WALLETS ACROSS EVM CHAINS🚨
Researcher ZachXBT warns that hundreds of wallets are being drained across multiple EVM networks.
Most victims lose small amounts (under $2K), but the total stolen has already reached $107K.
The exact… pic.twitter.com/Jl6DcI0JqE
— Zia ul Haque (@ImZiaulHaque) January 2, 2026
What makes the situation notable is not just the losses, but the method. This is not a smash-and-grab exploit. It is a slow bleed.
A Strategy Built On Staying Below The Radar
The attack appears deliberately structured to evade attention. Instead of targeting large treasuries or whales, the attacker focuses on low-value wallets, draining small balances from many users rather than emptying a few accounts entirely.
Most affected users lose amounts well below thresholds that typically trigger urgent investigations or exchange-level alerts. This strategy reduces visibility while maintaining a steady flow of stolen funds.
From a behavioral perspective, this approach exploits a gap in user response. Many victims may assume the loss is a mistake, a failed transaction, or user error. Others may not notice immediately at all. By the time patterns emerge, the activity has already spread across networks.
This tactic also complicates attribution. Individual reports feel isolated. Only when aggregated does the scope become clear.
Ethereum And BNB Chain See The Heaviest Losses
As investigators traced the stolen funds, a clear multi-chain footprint emerged. Rather than focusing on a single ecosystem, the attacker operates across multiple EVM-compatible networks, suggesting tooling designed for broad reuse rather than chain-specific exploits.
According to the data compiled from ZachXBT’s dashboard, Ethereum accounts for the largest share of losses, with approximately $54,655 drained so far. BNB Chain follows with around $25,545 stolen.
Additional networks have also been affected. Base has recorded roughly $8,688 in losses, while Arbitrum has seen about $6,273 drained. Polygon follows with approximately $3,498 in confirmed losses.
Beyond these major networks, smaller amounts have been siphoned from Optimism, Ink, Zora, Linea, and Manta Pacific. While the dollar figures on these chains are lower, their inclusion reinforces the conclusion that this is not an isolated incident tied to one ecosystem.
Instead, it points to a repeatable process applied wherever compatible infrastructure exists.
Automation Signals A Systematic Attack
One of the most concerning aspects of the activity is how methodical it appears. The drains follow a consistent pattern: small, precise withdrawals executed across a wide set of addresses.
This consistency strongly suggests automation rather than manual wallet compromises. Funds are extracted in increments that avoid triggering immediate suspicion, indicating that the attacker understands both technical mechanics and user behavior.
Investigators have raised several possibilities. The drains could stem from compromised private keys, reused seed phrases, malicious signing behavior, or abuse of existing token approvals. Another possibility is interaction with a malicious contract that silently retains spending permissions.
However, despite extensive analysis, no confirmed root cause has been identified. ZachXBT has stated that no specific wallet provider, browser extension, or decentralized application has been conclusively linked to the drains so far.
That absence of a clear source adds to the risk. Without a known vector, users cannot easily determine whether they are exposed.
Why Small Losses Can Mask Big Security Risks
At first glance, a $100 or $500 loss may seem insignificant in an industry accustomed to nine-figure hacks. But this mindset is exactly what makes low-value wallet drains dangerous.
When attackers scale horizontally instead of vertically, they can extract meaningful value without ever tripping major alarms. The $107,000 figure currently attributed to this campaign is already substantial, and it represents only wallets identified so far.
More importantly, the approach erodes trust at the edges of the ecosystem. Retail users are often the least equipped to investigate on-chain activity or understand how a drain occurred. Repeated incidents like this normalize loss and discourage participation.
From a security standpoint, these attacks test detection systems. If hundreds of small drains can occur across chains without triggering automated warnings, it highlights gaps in monitoring infrastructure and user education.
What Users And Investigators Are Watching Next
For now, the investigation remains open-ended. Analysts continue to cluster affected wallets, trace fund flows, and look for common interaction points that might reveal the entry vector.
In the absence of definitive answers, security experts are urging users to take basic precautions: review active token approvals, avoid signing unfamiliar transactions, rotate wallets used for daily activity, and treat unexpected prompts with caution.
The broader takeaway is sobering. As blockchain ecosystems mature, attackers adapt. Not every threat arrives as a headline-grabbing exploit. Some arrive quietly, one wallet at a time.
ZachXBT’s findings underscore the importance of aggregation and vigilance. Individually, these incidents look small. Collectively, they reveal a coordinated effort exploiting scale, automation, and user blind spots.
The losses may still be measured in six figures, but the lesson is larger. In a multi-chain world, security failures do not need to be dramatic to be effective. They only need to be persistent.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
Source: https://nulltx.com/low-value-wallet-drains-spread-quietly-across-evm-chains/