Monday, January 26, 2026

Active EVM Drainer Sweeps $107K in ‘Dust’ Attack; Links to Trust Wallet Exploit Surface

A low-value ‘dust’ sweeping campaign is actively draining EVM wallets, with on-chain data linking the $107K theft to the recent Trust Wallet supply chain compromise.

The Attack Vector: Thousands of Cuts

Hundreds of EVM-compatible wallets are actively bleeding liquidity today in a sophisticated cross-chain sweeping campaign. Blockchain sleuth ZachXBT issued an alert early Friday, confirming over $107,000 has been siphoned from users across Ethereum, BNB Chain, and Arbitrum. The attack is ongoing.

The numbers look small per victim, but the aggregate is climbing. Unlike flash loan exploits that target protocol treasuries for millions, this campaign targets individual users for amounts typically under $2,000. This strategy, often called “dust sweeping”, avoids triggering automated security alerts at major centralized exchanges, allowing the attacker to launder funds before blacklists engage.

Ethereum users have taken the heaviest hit (~$54,655), followed by BNB Chain (~$25,545) and Base (~$8,688). Funds are being funneled to a single consolidation address: 0xAc2e...9bFB.
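The pattern described above is invisible to per-transfer alerts but shows up once inflows are grouped by destination across chains. The following sketch is an added example, not code from ZachXBT or any firm named here. The transfer records and addresses are constructed placeholders, and every threshold except the $2,000 per-victim figure is an assumption.

```python
from collections import defaultdict

# Constructed sample transfers: (chain, sender, recipient, usd_value).
# All addresses are placeholders, not real on-chain addresses.
TRANSFERS = [
    ("ethereum", "0xVictimA", "0xSINK", 1200.0),
    ("ethereum", "0xVictimB", "0xSINK", 400.0),
    ("bnb",      "0xvictimb", "0xSINK", 450.0),   # same victim, other chain and casing
    ("base",     "0xVictimC", "0xSINK", 1900.0),
    ("bnb",      "0xVictimD", "0xsink", 600.0),
    ("ethereum", "0xBuyer1",  "0xSHOP", 50.0),    # ordinary small payments
    ("ethereum", "0xBuyer2",  "0xSHOP", 75.0),
    ("ethereum", "0xWhale",   "0xOTC",  50000.0), # one large transfer, not a sweep
]

def find_sweep_sinks(transfers, per_victim_cap=2000.0, min_victims=3,
                     min_total=3000.0, allowlist=frozenset()):
    """Return recipients collecting sub-cap totals from many distinct senders."""
    totals = defaultdict(lambda: defaultdict(float))  # recipient -> sender -> USD
    chains = defaultdict(set)
    for chain, sender, recipient, usd in transfers:
        # EVM addresses are case-insensitive hex; normalise before grouping.
        sender, recipient = sender.lower(), recipient.lower()
        totals[recipient][sender] += usd
        chains[recipient].add(chain)

    findings = []
    for recipient, by_sender in totals.items():
        if recipient in allowlist:  # lowercase addresses of known services
            continue
        # Per-victim totals are summed across chains before the cap is applied.
        small = [v for v in by_sender.values() if v < per_victim_cap]
        if len(small) >= min_victims and sum(small) >= min_total:
            findings.append({
                "recipient": recipient,
                "victims": len(small),
                "total_usd": sum(small),
                "chains": sorted(chains[recipient]),
            })
    return sorted(findings, key=lambda f: f["total_usd"], reverse=True)

if __name__ == "__main__":
    for finding in find_sweep_sinks(TRANSFERS):
        print(finding)
```

Exchange deposit wallets also receive many small inflows, so a real deployment needs the allowlist populated before the output is treated as a lead.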

The Receipt: A Supply Chain Ghost

While ZachXBT noted the specific root cause of today’s drain remains technically unconfirmed, on-chain evidence points to a familiar vector. Analytics firms have linked the destination address to the Trust Wallet Chrome extension compromise (version 2.68) that struck over the Christmas holiday.

The “Shai-Hulud” supply chain attack, which originally drained ~$7 million between December 24 and 26, 2025, appears to be the source. The current activity likely represents a delayed sweep of smaller, overlooked balances from that same compromised cohort. Security firm Nansen corroborated the link, identifying shared malware signatures between the events.

“It appears hundreds of wallets are currently being drained on various EVM chains for small amounts (<$2k total per victim) with a root cause not yet unidentified.” - ZachXBT

Market Impact & Institutional Context

The market reaction has been muted but wary. Ethereum (ETH) held steady at $2,994, shrugging off the retail-level losses. However, the persistence of the attack weighs on Trust Wallet Token (TWT), which traded flat at $0.87. The incident underscores a critical shift in cybercrime tactics: as protocol-level security hardens, attackers are pivoting to supply chain injections that compromise the user interface itself.

For users who had the Trust Wallet extension installed during the Dec 24–26 window, the directive remains absolute: migrate to a fresh seed phrase immediately. Revoking permissions is insufficient against a private key compromise.