In recent days, hundreds of dormant wallets on the Ethereum blockchain—some untouched for up to 14 years—have suddenly been emptied, resulting in losses estimated at $800,000. On-chain analysts say the attackers managed to gain access using unknown methods, transferring stolen assets via ThorChain to obscure their tracks.
Rare targeting of long-inactive wallets
A striking detail is that most victimized wallets had lain idle for years, with their last recorded activity dating as far back as 2010. Even seasoned crypto users were among those affected. According to experts, these wallets had not interacted with any smart contracts or decentralized protocols in recent times. In a public post, the industry observer @WazzCrypto shared that they had received hundreds of similar complaints about compromised wallets.
Hundreds of wallets that had seen no activity for years were drained by the same address, creating unusually high on-chain activity.
This situation has heightened uncertainty about just how the secret keys of these wallets fell into the attackers’ hands. To safeguard their funds, users are being advised to move digital assets into newly created, secure wallets.
Evidence of losses and transfer tactics
On-chain data reveals that more than 500 wallets were targeted overall. The attackers not only extracted ETH, but also converted some of the assets into privacy-focused XMR (Monero). Other types of crypto tokens were present in the drained wallets, with indications that some transactions were carried out manually. Researchers noted that not all affected wallets were completely emptied; certain balances remained untouched.
Following the initial transfers, the stolen cryptocurrencies were moved through multiple platforms to obscure their origin. Similar tactics have been observed in past hacks involving DeFi protocol breaches. From the Ethereum blockchain, roughly 324.7 ETH was transferred via ThorChain into the Bitcoin network as wrapped assets. Another address was found to be holding $32,000 worth of ETH and digital assets equivalent to 9.56 BTC.
Possible causes and security gaps
Experts have yet to pinpoint a definitive cause for the attack. Theories include the use of private keys from lists leaked online years ago or the exploitation of vulnerabilities in outdated Electrum wallets. Some affected wallets may have corresponded to addresses compromised in historical key leaks.
Past incidents, such as the LastPass data breach and other platform vulnerabilities, have also paved the way for similar wallet-draining attacks. More recently, hacks involving Bitwarden and supply chain breaches through npm (Node Package Manager) have further highlighted the risks facing so-called “hot” wallets.
There is also speculation that certain trading bot apps, which prompt users to input their private keys, may play a role in enabling such compromises. The lack of recent activity in most victim wallets is making it particularly hard for investigators to determine the origin of the breach.
These incidents have reignited the debate over security in decentralized finance and major blockchains. The risks of storing significant digital funds in wallets left unused for years are once again in the spotlight for the crypto community.




