TLDR
- More than 500 dormant Ethereum wallets were drained after years of little or no activity.
- Over 260 ETH moved into an Etherscan-tagged address linked to suspected phishing activity.
- The total loss is near $800,000, but the exact attack path remains unclear.
- Researchers are checking old keys, seed phrases, legacy tools, and weak key storage risks.
- Users are urged to move old funds using fresh wallets and trusted hardware devices.
More than 500 old Ethereum wallets were drained in a new crypto security case. The wallets had stayed inactive for years before funds moved to one tagged address. Reports said over 260 ETH vanished, worth about $600,000. Total losses may be near $800,000.
Dormant Ethereum Wallets Drained After Years of Silence
Hundreds of Ethereum wallets were emptied after long periods of no activity. Some wallets had been idle for four to eight years. The case was first flagged on X by WazzCrypto on April 30. CryptoSlate later reported the wider wallet drain.
The stolen funds moved into an Etherscan-labeled address called Fake_Phishing2831105. That address showed hundreds of transactions linked to the drain. It also recorded a 324.741 ETH transfer to THORChain Router v4.1.1. The movement happened around the April 30 window.
The reason for the breach is still unknown. Researchers have not confirmed one clear attack method. They are reviewing old private keys, seed phrases, and wallet tools. They are also checking past key storage risks.
One affected user raised doubts about old password manager exposure. The user pointed to a LastPass-related theory. “The LastPass theory may be possible,” the user suggested with doubts. However, no public proof has confirmed that claim.
Key Exposure Remains Main Focus
The wallet drain appears different from many DeFi hacks. Protocol attacks often involve smart contract bugs or admin actions. This case points more toward private key exposure. That makes the investigation harder for users and researchers.
A wallet can remain at risk even when it is inactive. Old funds still depend on the safety of the original seed phrase. They also depend on every device and app that handled the key. Any past leak can become a present threat.
Public theories include weak key generation and old wallet software. Some users also mentioned trading bots and unsafe storage habits. Others asked whether old recovery phrases were saved online. These claims remain unconfirmed.
Security advice has focused on fresh key material. Users are urged not to enter old seeds into unknown tools. They should avoid checkers, scripts, and recovery websites. Fresh wallets and trusted hardware devices may reduce risk.
Wider Crypto Security Pressure Grows
The Ethereum wallet drain came during a busy period for crypto attacks. April already saw large losses across DeFi platforms. Reports linked the month to more than $625 million in stolen funds. A live DefiLlama figure cited $635,241,950 across 28 incidents.
Wasabi Protocol was also hit on April 30. Reports said attackers used admin authority and proxy upgrades. The loss was estimated between $4.5 million and $5.5 million. That case raised fresh concern about privileged keys.
Drift also faced a major security event linked to signer workflow. Reports cited social engineering, durable nonce transactions, and governance changes. Blockaid placed the loss near $285 million. The case showed how valid signatures can be abused.
The dormant wallet hack remains unresolved. No confirmed link connects all affected wallets beyond fund movement. For now, users with old Ethereum wallets face a clear warning. Old keys should be treated as active security risks.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
