A coordinated exploit is actively draining funds from hundreds of EVM-compatible wallets across Ethereum, BNB Chain, Polygon, and other networks, with cumulative losses exceeding $107,000. The attack is tied to sophisticated phishing and fake “update” prompts — bogus MetaMask upgrade emails that trick users into signing malicious approvals. Individual losses are typically under $2,000, keeping the exploit below many users’ alarm thresholds while allowing the attacker to scale widely across self-custodial wallets.
What This Means
For high-net-worth individuals, private equity principals, and digital asset holders, this incident underscores that self-custody is not inherently safe without rigorous endpoint protection and process controls. Traditional risk models for digital assets often focus on exchange hacks or smart contract exploits; this event shows that social engineering combined with misuse of contract approvals can quietly siphon funds without any conventional system breach. For PE firms conducting diligence, it highlights the need to stress-test crypto custody systems, counterparty security hygiene, and executive crypto practices before deploying capital.
What To Do Next
- Audit wallet approvals immediately: Use tools like Revoke.cash or native wallet approval dashboards to revoke unnecessary token permissions.
- Segregate holdings: Move significant assets into hardware wallets or multi-sig cold storage and limit hot wallet balances to operational needs only.
- Verify all communications: Treat any unsolicited emails claiming to be from wallet providers with extreme skepticism — verify source domains and never sign transactions from email prompts.
- Enforce spending caps: Set sensible spending limits on contract approvals instead of blanket unlimited permissions.
- Deploy defense-in-depth: Add transaction alerts, on-device signing restrictions, and anomaly detection tools for high-value accounts.
- Institutional controls: Before allocating capital into new protocols or counterparties, require evidence of mature cryptographic key management and incident response readiness.
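As an added, self-contained example (not code from the original advisory, from MetaMask, or from Revoke.cash), the following Python shows the approval audit and the spending-cap check from the list above in working form: it decodes ERC-20 Approval event logs into the current allowance per (token, owner, spender), flags unlimited allowances for revocation, and decodes the calldata of a pending approve()/increaseAllowance()/setApprovalForAll() call so it can be vetted before it is signed. The event topic and function selectors are the standard ERC-20/ERC-721 ones; every address and log line is constructed sample data, and the cap value is an assumed policy threshold.

```python
# Added example, not from the original advisory: offline helpers to audit ERC-20
# allowances from Approval event logs and to inspect approve() calldata before signing.
# All addresses and logs below are constructed sample data, not real on-chain records.
UINT256_MAX = 2**256 - 1

# Standard identifiers: keccak256 of the canonical ERC-20 / ERC-721 signatures.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # Approval(address,address,uint256)
SEL_APPROVE = "095ea7b3"                # approve(address,uint256)
SEL_INCREASE_ALLOWANCE = "39509351"     # increaseAllowance(address,uint256)
SEL_SET_APPROVAL_FOR_ALL = "a22cb465"   # setApprovalForAll(address,bool)

def _strip(hexstr: str) -> str:
    return hexstr[2:] if hexstr.startswith("0x") else hexstr

def _word_to_address(word: str) -> str:
    return "0x" + _strip(word)[-40:].lower()  # address = low 20 bytes of a 32-byte ABI word

def _word_to_uint(word: str) -> int:
    return int(_strip(word), 16)

def decode_approval_log(log: dict) -> dict:
    """Decode one Approval(owner, spender, value) log in eth_getLogs shape."""
    if log["topics"][0].lower() != APPROVAL_TOPIC:
        raise ValueError("not an ERC-20 Approval log")
    return {"token": log["address"].lower(),
            "owner": _word_to_address(log["topics"][1]),
            "spender": _word_to_address(log["topics"][2]),
            "value": _word_to_uint(log["data"])}

def current_allowances(logs: list) -> dict:
    """Approval reports the new allowance, so the latest log per (token, owner, spender) wins."""
    allowances = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        a = decode_approval_log(log)
        allowances[(a["token"], a["owner"], a["spender"])] = a["value"]
    return allowances

def audit_allowances(allowances: dict, owner: str, cap: int) -> list:
    """Outstanding allowances of `owner` that are unlimited or above `cap` (token base units)."""
    findings = []
    for (token, o, spender), value in allowances.items():
        if o != owner.lower() or value == 0:
            continue  # zero allowance means already revoked
        issue = "unlimited" if value == UINT256_MAX else "above_cap" if value > cap else None
        if issue:
            findings.append({"token": token, "spender": spender, "value": value, "issue": issue})
    return findings

def check_calldata(data: str) -> dict:
    """Classify the calldata of a transaction the wallet is being asked to sign."""
    d = _strip(data)
    selector, args = d[:8].lower(), d[8:]
    if selector not in (SEL_APPROVE, SEL_INCREASE_ALLOWANCE, SEL_SET_APPROVAL_FOR_ALL):
        return {"call": "unknown", "selector": selector, "risky": False}
    if len(args) < 128:
        return {"call": "malformed", "selector": selector, "risky": True}
    target = _word_to_address(args[:64])
    raw = _word_to_uint(args[64:128])
    if selector == SEL_SET_APPROVAL_FOR_ALL:  # blanket operator grant over every NFT in the collection
        return {"call": "setApprovalForAll", "operator": target, "approved": raw != 0, "risky": raw != 0}
    name = "approve" if selector == SEL_APPROVE else "increaseAllowance"
    return {"call": name, "spender": target, "amount": raw, "risky": raw == UINT256_MAX}

def encode_approve(spender: str, amount: int) -> str:
    """approve(spender, amount) calldata with an explicit bounded amount (a cap, or 0 to revoke)."""
    if not 0 <= amount <= UINT256_MAX:
        raise ValueError("amount out of uint256 range")
    return "0x" + SEL_APPROVE + _strip(spender).lower().rjust(64, "0") + format(amount, "064x")

# Constructed sample data (placeholder addresses, not real accounts or tokens).
OWNER, TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20
SPENDER_1, SPENDER_2 = "0x" + "51" * 20, "0x" + "52" * 20

def _sample_log(token, owner, spender, value, block, idx):
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, "0x" + _strip(owner).rjust(64, "0"),
                       "0x" + _strip(spender).rjust(64, "0")],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    _sample_log(TOKEN_A, OWNER, SPENDER_1, UINT256_MAX, 100, 3),    # unlimited: what a bogus prompt asks for
    _sample_log(TOKEN_B, OWNER, SPENDER_2, 1000 * 10**18, 101, 0),  # capped
    _sample_log(TOKEN_B, OWNER, SPENDER_2, 0, 105, 2),              # later revoked
]

def run_sample():
    """Audit the sample logs and vet a pending unlimited approve() the way a pre-sign check would."""
    findings = audit_allowances(current_allowances(SAMPLE_LOGS), OWNER, cap=5000 * 10**18)
    pending = check_calldata(encode_approve(SPENDER_1, UINT256_MAX))
    return findings, pending

if __name__ == "__main__":
    findings, pending = run_sample()
    for f in findings:
        print(f"revoke: token={f['token']} spender={f['spender']} ({f['issue']})")
    print("pending tx risky:", pending["risky"], pending)
```

In practice the logs come from eth_getLogs filtered on the Approval topic with the owner address in topics[1]; a revocation is itself an approve(spender, 0) to the token contract, which encode_approve() produces when given amount 0, and any pending transaction whose check_calldata() result is risky should be rejected regardless of the email or pop-up that requested it.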