Barely does January 2026 appear on the calendar when hackers have already started the ball rolling. And not with discreet or isolated hacking. No. This time, hundreds of wallets on EVM networks were emptied, silently, methodically. Low amounts per victim, but a broad-spectrum operation which highlights a much larger flaw. The crypto-sphere, barely recovered from its demons of 2025, is restarting its year under high tension.
In brief
- EVM wallets have lost less than $2,000 each, but the attack is massive.
- MetaMask phishing via fraudulent email appears to be the initial vector of this new attack.
- The suspicious address raised more than $107,000 according to on-chain investigator ZachXBT.
- The case is reminiscent of the Trust Wallet hack caused by a compromised npm package in December.
The silent heist: EVM wallets siphoned off with a scalpel
ZachXBT, the famous on-chain investigator, sounded the alert on Telegram: a mysterious attack is currently siphoning off wallets on several EVM chains. The suspicious address, identified as the collection point, has already collected more than $107,000, according to his estimates. The modus operandi is intriguing: each targeted crypto wallet loses less than $2,000, an amount discreet enough to go under the radar, but formidable due to mass effect.
“ This looks like broad-spectrum automated mining “, explains Hackless, Web3 cybersecurity provider, in a warning published on X.
The objective does not seem to be a coup, but a long series of small targeted theftswhich capitalize on the weariness of victims in tracking down each unauthorized cross-country exit. Some experts are already talking about a strategy worthy of a digital parasite: slow, lurking in the shadows, but capable of bringing down an entire ecosystem with invisible bites.
But the warning does not stop there. Vladimir S., cybersecurity analyst, quotes another user : a fake MetaMask email, encouraging an update, would have been the Trojan horse of this attack. This new generation phishing plays on confusion and habit, two human flaws that are still too little corrected in crypto.
The other crypto virus: the flaws in the chains of trust
The blow is reminiscent of another event still burning in people's memories: the Trust Wallet hack that occurred on December 25, 2025, causing damage of $7 million. Again, the source was not a genius hacker, but a supply chain attack, dubbed “Sha1-Hulud.” NPM packages, commonly used to code blockchain applications, had been contaminated.
This trapped code then allowed the attacker to penetrate the project's GitHub environment, steal developer secrets, and publish a corrupted version of the extension on the Chrome Web Store. Result: 2,596 compromised wallets.
What if this scenario repeated itself? For @anndylian, Web3 expert, internal leads should not be excluded: “ This kind of 'hack' is not natural. Chances are an insider is involved “.
What to remember from the EVM wallet attack
- $107,000 stolen from various wallets since the beginning of January 2026;
- A fraudulent MetaMask email suspected of having triggered the siphoning;
- Trust Wallet hack in December: 7 million stolen via an infected npm;
- 2,596 wallets affected at Christmas, possibly by a fake Chrome plugin;
- The hypothesis of an internal agent mentioned by several specialists;
The year 2025 has not been kind to the crypto industry. Chilling figures are circulating in the digital corridors: $3.4 billion stolen in hacks and scams, according to several observers. A dark year, some say. And now 2026 starts as a remake. It seems that crypto must now learn to live with its digital ghosts.
Maximize your Tremplin.io experience with our 'Read to Earn' program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
