What to check before you ‘update’
The post What to check before you ‘update’ appeared on BitcoinEthereumNews.com.
On-chain security researcher ZachXBT flagged hundreds of wallets across multiple EVM chains getting drained for small amounts, typically under $2,000 per victim, funneling into a single suspicious address. The theft total climbed past $107,000 and kept rising. The root cause is still unknown, but users reported receiving a phishing email disguised as a mandatory MetaMask upgrade, complete with a party-hat fox logo and a “Happy New Year!” subject line.

This attack arrived when developers were on holiday, support channels were running skeleton crews, and users were scrolling through inboxes cluttered with New Year promotions. Attackers exploit that window. The small per-victim amounts suggest the drainer operates off contract approvals rather than full seed-phrase compromise in many cases, which keeps individual losses below the threshold where victims immediately sound alarms but allows the attacker to scale across hundreds of wallets.

The industry is still processing a separate Trust Wallet browser extension incident in which malicious code in Chrome extension v2.68 harvested private keys and drained at least $8.5 million from 2,520 wallets before Trust Wallet patched to v2.69. Two different exploits, same lesson: user endpoints remain the weakest link.

Anatomy of a phishing email that works

The MetaMask-themed phishing email demonstrates why these attacks succeed. The sender identity shows “MetaLiveChain,” a name that sounds vaguely DeFi-adjacent but has no connection to MetaMask. The email header contains an unsubscribe link for “[email protected],” revealing that the attacker lifted templates from legitimate marketing campaigns. The body features MetaMask’s fox logo wearing a party hat, blending seasonal cheer with manufactured urgency about a “mandatory update.” That combination bypasses the heuristics most users apply to obvious scams.
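The header and wording signals described above can be checked mechanically. The following is an added example, not part of the original article: the sample message is constructed, its addresses use reserved .example domains, and the allow-list of legitimate sender domains is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the impersonated brand legitimately sends mail from.
BRAND_DOMAINS = {"metamask": {"metamask.io"}}
URGENCY = re.compile(r"\b(mandatory|required|immediately|suspended)\b", re.I)

# Constructed sample message; all addresses use reserved .example domains.
SAMPLE = """\
From: MetaLiveChain <news@metalivechain.example>
To: user@mail.example
Subject: Happy New Year!
List-Unsubscribe: <mailto:unsubscribe@other-newsletter.example>
Content-Type: text/plain

MetaMask mandatory update: upgrade now to keep access to your account.
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower().strip("> ")

def is_brand_sender(domain, allowed):
    # Accept the brand domain itself and its subdomains.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    findings = []
    # 1. Brand named in the content, but the sender is not a brand domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in text.lower() and not is_brand_sender(from_domain, allowed):
            findings.append(f"brand-mismatch:{brand}:{from_domain}")
    # 2. Unsubscribe address on a different domain than the sender.
    unsub = msg.get("List-Unsubscribe", "")
    for target in re.findall(r"mailto:([^>,\s?]+)", unsub):
        if domain_of(target) != from_domain:
            findings.append(f"unsubscribe-mismatch:{domain_of(target)}")
    # 3. Manufactured urgency wording in the subject or body.
    hit = URGENCY.search(text)
    if hit:
        findings.append(f"urgency:{hit.group(1).lower()}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

A mismatched unsubscribe domain also occurs in legitimate mail sent through third-party mailing services, so treat it as a weak signal that matters in combination with the other two.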
[Image caption: The phishing email impersonates MetaMask with a party-hat fox logo, falsely claiming a “mandatory” 2026 system upgrade is required for account access.]

MetaMask’s official security documentation establishes clear rules.…
Filed under: News - @ January 3, 2026 10:57 pm