2026-01-04 11:22:01

Recently, on-chain security analysts announced a large-scale wallet theft incident — with losses exceeding $107,000, involving hundreds of accounts.

The tactics used in this attack are different from previous ones. The hacker did not target a single large account but adopted a "scattergun" approach: stealing a small amount from hundreds of wallets, each time no more than $2,000. The benefits are obvious — it’s less likely to trigger risk alerts, yet the accumulation can lead to staggering total losses.

Why was it successful? Timing was crucial. During the New Year holiday, many developers and customer service staff were on leave, and promotional emails flooded users’ inboxes, naturally lowering their vigilance. The hacker seized this window and sent a highly realistic phishing email.

The email featured a holiday-themed logo, with a "Mandatory Update + Happy New Year" subject to create a false sense of urgency. The sender appeared to be associated with a well-known wallet. More cunningly, the "Unsubscribe" link pointed to a legitimate marketing platform, making it easier for users to let their guard down. The main bait was to get users to click the link and sign a malicious contract authorization.

Once signed, the hacker gained permission to transfer specific tokens from that wallet — without needing to steal the seed phrase.

Looking at larger data, the situation is also not optimistic. By 2025, there have been approximately 158,000 personal wallet theft cases, affecting at least 80,000 people, with stolen assets totaling around $713 million. Although the average value per case is decreasing, the number of theft cases is surging, reflecting a change in hacker strategies.

The overall trend is that token theft attacks are increasingly shifting toward a "small amount, high frequency" pattern. For individual investors, besides basic vigilance (not clicking suspicious links, not revealing seed phrases), it’s also essential to strengthen operational verification and establish multi-layer protection. Because true security is not about eliminating all risks but about keeping potential losses within a tolerable range.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

10 Likes

Reward
10
7
Repost
Share

Comment

0/400

BlockchainBrokenPromise

· 22h ago

Oh no, here we go again. I've seen enough phishing emails to not be surprised anymore. --- The contract authorization part is really top-notch. Most people don't even realize what they are signing. --- Hackers are becoming more and more sophisticated with small, frequent transactions. Retail investors are defenseless. --- Relaxing during the New Year holiday is indeed a weak point. Next time, I need to stay alert during holidays. --- $713 million... this number is hard to believe. It feels like new highs are being hit every month. --- Basically, think twice before signing multi-signature contracts. Don't rush to click unsubscribe. --- Cases starting from 158,000 are truly crazy. If this pace continues, who would dare to play? --- I just want to know why it's so hard to distinguish those emails claiming to be official. --- Multi-layer protection sounds easy to say, but where do ordinary people get the energy to guard against it every day? --- It's fine if you don't give the mnemonic phrase, but these malicious authorizations are really unpreventable.

View OriginalReply0

MemeCurator

· 01-05 12:48

The New Year holiday trick is really clever; take advantage while people are relaxing. Come on, the email's unsubscribe link actually points to a genuine link—such details... Hackers are really becoming more professional now. The small-amount multiple transactions tactic, it feels hard to defend against. Another contract authorization trap, everyone needs to be extra careful. Starting from 158,000? That number is a bit scary; I need to check my authorizations quickly. If this keeps up, no one will be able to escape.

View OriginalReply0

ChainSauceMaster

· 01-04 11:50

Did you get phished during the New Year holiday? This hacker really knows how to pick the timing... --- Contract authorization is truly the most invisible knife; as long as the mnemonic phrase isn't leaked, it's gone. --- The small-amount high-frequency scam is so ruthless. The average loss is actually less, but the number of victims has exploded. Is this the "gift" of the New Year? --- Does the unsubscribe link point to a real platform? I rely on how meticulous this detail is to think about it. --- Fortunately, I usually don't trust any email links, but looking at these numbers... 80,000 people, it's a bit creepy. --- Widespread phishing to steal coins is truly hard to defend against. Multi-layer protection sounds easy to say, but it's exhausting to implement. --- Holiday logo forced updates—this combo technique is practically an art form for social engineering. --- $713 million... We're only halfway through 2025, and it's already like this. We need to stay vigilant, everyone.

View OriginalReply0

QuietlyStaking

· 01-04 11:38

This trick is really clever, using small amounts and high frequency to avoid the risk system... Damn, during holidays it's really hard to defend against everything, a bunch of spam emails just let your guard down I was just saying, hackers are getting more and more sophisticated, just clicking links is no longer enough 7.13 billion... this number is a bit scary, I need to re-evaluate my security strategy Contract authorization is the most deadly part, you don't even need your mnemonic phrase, and you're doomed I have to admit, this wave of attacks targets the weakest point in group defense Multi-layer protection is really not just talk, now it must be taken seriously

View OriginalReply0

AlphaBrain

· 01-04 11:37

The New Year holiday trick is really ruthless, just waiting for you to let your guard down Another wave of "small amount, high frequency" coin thefts, hackers are getting smarter Many people really don't pay attention to contract authorization, and it's gone in a flash $713 million... just hearing it makes me despair, why are so many people falling for it Phishing emails are so convincing that I have to double-check the sender Still, as I always say, not clicking on links can really prevent more than half of the problems

View OriginalReply0

LiquidatedDreams

· 01-04 11:24

Pretending to sign an authorization and it's gone, the contract black hole is really invincible... --- It's the holiday again, hackers really timed it perfectly. --- I'm convinced by the small-amount high-frequency strategy, snatching rewards one by one is less likely to be detected. --- The unsubscribe link points to a real platform? Damn, this detail is brilliant. --- Case of theft starting from 158,000 yuan... I think I might have been caught in the crossfire. --- Basically, don't click on random links, but who can really do that these days? --- Multiple layers of protection sound easy to implement but are annoying to do, but getting robbed is even more annoying. --- Losing $713 million just like that, terrifying. --- I don't trust any emails now, even if it's a real wallet, I ask in the group first.

View OriginalReply0

OnChainDetective

· 01-04 11:23

No more than $2000 each time? This is definitely a vampire-like siphoning mode at the dealer level, wide net + small high-frequency transactions = a perfect strategy to evade monitoring. The contract authorization part is the truly terrifying aspect. They can directly withdraw your coins without needing your mnemonic phrase... Want to trace the on-chain evidence? Let's see the flow of these hacker wallet clusters. Starting from 158,000? 7.13 billion? The data tells me the truth — they shifted from dealer-level operations to retail harvesting, with higher efficiency and lower risk. This is the optimization of capital flow. The holiday window was precisely targeted. Is this based on data analysis or is there an insider? I bet five ETH that this is not random.

View OriginalReply0