Most of the stolen funds are concentrated on three networks: Ethereum, BNB Chain, and Base.
Hackers have drained hundreds of cryptocurrency wallets across multiple Ethereum Virtual Machine (EVM) blockchains in an ongoing exploit that investigators say remains unresolved.
On-chain analyst ZachXBT reported that the coordinated attack has already led to more than $107,000 in stolen user funds, with losses continuing to mount.
According to the investigator, the attackers have focused primarily on wallets holding relatively small balances, often with less than $2,000 worth of crypto assets. While individual losses remain limited, the cumulative impact continues to grow.
The exact cause of the attack has yet to be identified. However, ZachXBT cautioned that the situation could escalate into a more serious threat if left unresolved. At the time of reporting, attackers had already made away with more than $107,000 in user funds.
Data shows that most of the stolen funds were distributed across three major networks, with Ethereum accounting for 51% of the losses, followed by BNB Chain at 24% and Base at 8%. The remaining funds were spread across other EVM-compatible chains.
Trust Wallet, a cryptocurrency wallet owned by Binance founder Changpeng Zhao, has suffered a security breach that led to the confirmed theft of at least $7 million in cryptocurrencies. Zhao, widely known as CZ, assured users that the platform will fully cover the losses of everyone affected by the incident.
Investigations suggested the vulnerability stemmed from deliberate actions tied to an internal compromise affecting Chrome extension version 2.68. Although the issue has since been fixed, reports indicate that some users may still be affected.
Crypto investigator ZachXBT reported that hundreds of Trust Wallet users were impacted by the vulnerability, highlighting the widespread nature of the breach and the potential risks facing users of self-custodial wallets.
The breach originated from a flaw in a version of the Trust Wallet Google Chrome browser extension. Developers have urged users to immediately disable the compromised version and update to the latest release to secure their accounts.
