>A single Ethereum address drained over 261 ETH (roughly $590,000) from hundreds of wallets on Wednesday. Most of those wallets had sat dormant for seven or more years.
…
On-chain data reveals a clear pattern. Small and large ETH amounts flowed into the drainer from wallets inactive since 2018 or earlier. The attacker then routed funds through bridges and swaps. THORChain, Across, Squid, Uniswap V2/V3, and Magpie Router all appeared in the flow. Notably, no mixer activity showed up, suggesting speed over obfuscation.
…
This is not a smart-contract exploit or an approval-based drainer. The attacker moved ETH directly from victim wallets, which means they likely held the private keys.
Community members on X have offered several theories. The most common points to weak entropy in early wallet tools. Pre-2019 brainwallet generators, browser-based wallets, and vanity-address tools often used predictable randomness. Modern cracking tools can now exploit those weaknesses.
BornInForestHills on
Not ready for prime time.
Like why not keep your cash in your mattress?
Because we have BANKS TO SAFEGUARD MONEY.
How can anyone take crypto seriously when hacks like this happen ALL THE TIME?
GodelianKnot on
How do we know it’s an “attacker”? Maybe it’s just the owner of those addresses…
4 Comments
Nice
>A single Ethereum address drained over 261 ETH (roughly $590,000) from hundreds of wallets on Wednesday. Most of those wallets had sat dormant for seven or more years.
…
On-chain data reveals a clear pattern. Small and large ETH amounts flowed into the drainer from wallets inactive since 2018 or earlier. The attacker then routed funds through bridges and swaps. THORChain, Across, Squid, Uniswap V2/V3, and Magpie Router all appeared in the flow. Notably, no mixer activity showed up, suggesting speed over obfuscation.
…
This is not a smart-contract exploit or an approval-based drainer. The attacker moved ETH directly from victim wallets, which means they likely held the private keys.
Community members on X have offered several theories. The most common points to weak entropy in early wallet tools. Pre-2019 brainwallet generators, browser-based wallets, and vanity-address tools often used predictable randomness. Modern cracking tools can now exploit those weaknesses.
Not ready for prime time.
Like why not keep your cash in your mattress?
Because we have BANKS TO SAFEGUARD MONEY.
How can anyone take crypto seriously when hacks like this happen ALL THE TIME?
How do we know it’s an “attacker”? Maybe it’s just the owner of those addresses…