
An Ethereum hack has affected hundreds of users with inactive wallets. With losses exceeding $800,000, the crypto community is investigating this critical security breach.
Between April 30 and May 1, more than 500 wallets that had been inactive for periods of between four and eight years were suddenly emptied. The attack, initially detected by on-chain researcher @WazzCrypto, has resulted in the loss of approximately $800,000 in digital assets.
The funds, which include more than 260 ETH and various tokens, were consolidated into an address identified on Etherscan under the label "Fake_Phishing2831105". Shortly after the harvest, the attacker moved 324.74 ETH to THORChain, a cross-chain exchange protocol that is often used to fragment the transaction trail and make it harder for authorities to recover stolen assets.
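The pattern described above, many long-dormant wallets emptied into one consolidation address within about a day, can be expressed as a monitoring heuristic. The following Python is an added example, not code from the article or the researchers it cites; the function name, thresholds, addresses and dates are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = timedelta(days=365)

# Constructed sample data: last outgoing activity per wallet (year is arbitrary).
SAMPLE_LAST_ACTIVE = {
    "0xdormant01": datetime(2018, 3, 1),
    "0xdormant02": datetime(2019, 7, 15),
    "0xdormant03": datetime(2020, 1, 10),
    "0xdormant04": datetime(2017, 6, 1),
    "0xactive01": datetime(2025, 4, 1),
}
# Constructed transfers: (timestamp, sender, recipient, amount in ETH).
SAMPLE_TRANSFERS = [
    (datetime(2025, 4, 30, 22, 5), "0xdormant01", "0xcollector", 1.2),
    (datetime(2025, 4, 30, 22, 9), "0xdormant02", "0xcollector", 0.4),
    (datetime(2025, 5, 1, 1, 30), "0xdormant03", "0xcollector", 2.0),
    (datetime(2025, 5, 1, 2, 0), "0xactive01", "0xcollector", 0.1),
    (datetime(2025, 5, 1, 3, 0), "0xdormant04", "0xexchange", 5.0),
]

def find_dormant_sweeps(transfers, last_active, min_dormancy=4 * YEAR,
                        window=timedelta(days=2), min_senders=3):
    """Map each recipient to the largest set of long-dormant senders that
    paid it inside one sliding time window, if that set is big enough."""
    by_recipient = defaultdict(list)
    for ts, sender, recipient, _amount in transfers:
        prev = last_active.get(sender)
        # Count only senders with known history that were idle long enough.
        if prev is not None and ts - prev >= min_dormancy:
            by_recipient[recipient].append((ts, sender))

    flagged = {}
    for recipient, events in by_recipient.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            senders = {s for _, s in events[start:end + 1]}
            if len(senders) > len(best):
                best = senders
        if len(best) >= min_senders:
            flagged[recipient] = sorted(best)
    return flagged
```

On the constructed data, only `0xcollector` is flagged: the recently active sender is ignored, and a single dormant wallet paying an exchange does not meet the sender threshold.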
A past flaw exposed dormant wallets on Ethereum
Beyond the movement of funds, the investigation is now focused on the source of the vulnerability. According to sources, this security incident stemmed from a compromise located directly within the wallet layer, not from smart contract exploits.
The affected wallets belong to an older generation of users, suggesting that the attack vector is related to how the wallets' private keys were generated or stored nearly a decade ago.
Blockchain analyst WazzCrypto, who first raised the alarm on social media, indicated that these accounts were not newly created "hot wallets," but rather assets with a history linked to tools from an earlier stage of the network. Other independent researchers suggest that the origin could lie in weak entropy in wallet creation applications from that era, which makes private keys predictable or vulnerable to modern brute-force attacks.
The user community is speculating about the origin of this attack, and one of the most technically sound hypotheses points to historical leaks from password managers.
Some users, like @TheTakenUser, pointed out that the seed phrases for the affected wallets were stored on services like LastPass, which suffered critical security breaches in previous years. Since the funds remained static for so long, it's likely the attackers were processing leaked databases until they found the keys corresponding to these wallets with balances.
Meanwhile, the use of THORChain for the withdrawal of funds confirms a professional execution, designed to break the traceability offered by the Ethereum block explorer and turn the loot into assets that are difficult to trace. Is it really safe to leave funds in an old address without updating its security settings? The events that occurred this week demonstrate that the answer is a resounding no.
A reminder about the risk of prolonged inactivity
Holding cryptocurrency funds inactive does not equate to having them protected, as inactivity does not mitigate the risk of an exposed private key. In fact, this security event shatters the perception that long-term storage is foolproof if the root of the security—the seed phrase—was generated with outdated software or digitally exposed at some point in recent years.
This recent security incident follows several exploits that damaged the perceived security of the ecosystem last April, during which the industry recorded losses exceeding $625 million due to infrastructure failures and protocol management errors. However, while recent attacks such as those on Drift Protocol or KelpDAO occurred due to the exploitation of code or infrastructure errors, the recent draining of 500 ETH wallets points directly to the custody of private keys.
For those with wallets created between 2016 and 2022, the forensic report recommendation is clear: immediate migration is the only reliable solution. Changing passwords or revoking smart contract approvals is not enough; it's necessary to generate a new seed phrase from a trusted hardware device and transfer all assets.
Furthermore, according to experts, it is imperative to avoid any web tool that promises to check if an account is vulnerable or facilitate recovery, as these sites are often phishing platforms designed to capture any remaining keys.
This fact demonstrates, once again, that security in the cryptocurrency market is not a static state, but a constant practice of updating in response to computing capabilities and data leaks that can now decipher what years ago was considered impregnable.


