ZachXBT Flags First Major EVM Exploit of 2024, Draining Roughly $107K from Hundreds of Wallets
On‑chain researcher ZachXBT reported a cross‑chain attack that has siphoned more than $100,000 from over 200 user wallets across multiple Ethereum Virtual Machine (EVM) networks. The incident, first disclosed in a Telegram post on 27 January, is still under investigation.
What happened?
- Scope of the breach – The exploit affected wallets on at least 20 EVM‑compatible blockchains. The total value taken is estimated at $107,000, with each compromised account holding under $2,000 on average.
- Funds flow – Transaction data tracked by analytics platform DeBank shows the attacker’s primary address accumulated a peak balance of about $109,000 before redistributing the assets. The majority of the stolen value originated from Ethereum (≈ $55 k) and Binance Smart Chain (≈ $25 k).
- Current status – The malicious wallet remains active, receiving small intermittent deposits ranging from a few cents to a couple of dollars. At the time of writing the address retains roughly $7,000, still heavily weighted toward ETH and BNB assets.
The report was posted less than 24 hours after the start of the new year, making it the first sizable on‑chain exploit recorded for 2024.
Technical clues
ZachXBT’s analysis points to a repeated pattern of low‑value transfers that blend with normal network traffic, a technique that complicates real‑time detection. The attacker appears to be exploiting a contract or a set of contracts that interact with multiple EVM chains, allowing the same exploit vector to be reused across disparate ecosystems.
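Because each transfer is too small to trip a per-transaction alert, the signal defenders can use is the aggregate: one recipient collecting low-value transfers from many distinct senders on several chains. The following is an added example, not code from ZachXBT, DeBank or the article; the `Transfer` record shape, the `find_fan_in` name, the thresholds and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Transfer(NamedTuple):
    chain: str       # network label, e.g. "ethereum" or "bsc"
    sender: str
    recipient: str
    usd: float       # value at transfer time

def find_fan_in(transfers, max_usd=2000.0, min_senders=5, min_chains=2, allowlist=()):
    """Flag recipients collecting small transfers from many senders on several chains.

    All thresholds are assumptions to tune; max_usd mirrors the article's
    "under $2,000" per-wallet figure.
    """
    known = {a.lower() for a in allowlist}   # e.g. exchange deposit addresses
    senders, chains, total = defaultdict(set), defaultdict(set), defaultdict(float)
    for t in transfers:
        dst = t.recipient.lower()            # one EVM address is valid on every chain
        if t.usd > max_usd or dst in known:
            continue                         # large moves are left to per-transfer alerts
        senders[dst].add(t.sender.lower())
        chains[dst].add(t.chain)
        total[dst] += t.usd
    hits = [
        {"recipient": a, "senders": len(senders[a]),
         "chains": sorted(chains[a]), "total_usd": round(total[a], 2)}
        for a in senders
        if len(senders[a]) >= min_senders and len(chains[a]) >= min_chains
    ]
    return sorted(hits, key=lambda h: h["total_usd"], reverse=True)

# Constructed sample data: placeholder addresses, not taken from the incident.
SAMPLE = [
    Transfer("ethereum", "0xa1", "0xC011EC7", 1400.0),
    Transfer("ethereum", "0xa2", "0xc011ec7", 310.5),
    Transfer("bsc",      "0xa3", "0xc011ec7", 95.0),
    Transfer("bsc",      "0xa4", "0xc011ec7", 12.25),
    Transfer("polygon",  "0xa5", "0xc011ec7", 0.5),
    Transfer("polygon",  "0xa6", "0xc011ec7", 2.0),
    Transfer("ethereum", "0xb1", "0xf00d", 40.0),      # ordinary payment
    Transfer("ethereum", "0xb2", "0xf00d", 60.0),      # ordinary payment
    Transfer("bsc",      "0xb3", "0xbeef", 50000.0),   # above max_usd, ignored here
]

if __name__ == "__main__":
    for hit in find_fan_in(SAMPLE):
        print(hit)
```

Exchange deposit addresses and payment processors show the same fan-in shape, so the allowlist has to be populated before the output is useful as an alert.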
Context within recent high‑profile hacks
The incident follows a recent, larger breach of the Flow blockchain – the platform behind CryptoKitties and NBA Top Shot – which suffered a loss of nearly $4 million and a 40 % drop in token price. While the Flow exploit involved a different architecture, both events underscore the persistent risk of cross‑chain vulnerabilities in rapidly evolving DeFi infrastructures.
Analysis
- Cross‑chain exposure – The use of a single exploit across dozens of EVM networks highlights how a vulnerability in a widely deployed smart‑contract library or a common tooling component can amplify impact.
- Targeting low‑value wallets – By focusing on accounts with modest balances, the attacker reduces the likelihood of immediate scrutiny and may be attempting to aggregate a larger sum over time without triggering alerts on any single chain.
- Liquidity management – The attacker’s pattern of moving only a fraction of the accumulated funds to a new address suggests a deliberate effort to obscure the trail and avoid triggering large‑scale red‑flagging mechanisms on analytics platforms.
- Community response – Early reporting by independent sleuths like ZachXBT remains crucial for rapid containment. However, the ongoing nature of the drain indicates that mitigation steps (e.g., contract patches, wallet freezes) are either not yet in place or insufficient.
Key takeaways
- Be vigilant – Users with modest holdings on EVM‑compatible chains should monitor wallet activity closely and consider additional security layers (hardware wallets, multisig, transaction alerts).
- Audit contracts – Developers deploying cross‑chain or multi‑network contracts need to prioritize security audits that cover the full breadth of supported chains.
- Rapid intelligence sharing – Platforms and researchers must continue to disseminate early findings to give projects a chance to respond before exploits proliferate.
- Potential for escalation – Although the current loss is relatively small compared to past high‑profile hacks, the technique demonstrated could be repurposed for larger attacks if the underlying vulnerability is not patched.
ZachXBT has not disclosed the exact smart‑contract vector used, and the exploit remains unresolved. Stakeholders are advised to keep an eye on further updates from on‑chain analysts and affected protocol teams as the investigation progresses.
Source: https://thedefiant.io/news/hacks/zachxbt-reports-evm-hack-affecting-hundreds-of-wallets
















