More than 500 Ethereum wallets, many inactive for years, were drained in a coordinated attack resulting in approximately $800,000 in losses, with stolen funds subsequently laundered through cross-chain protocol ThorChain, according to on-chain investigators. The incident stands out due to the age of affected wallets, with some remaining inactive for up to seven years. Analysts noted that the attacker targeted wallets with no recent activity, raising concerns about latent vulnerabilities tied to older key management practices or previously compromised credentials.
Attack Targets Dormant Wallets at Scale
On-chain data indicates that a coordinated set of addresses systematically drained funds from hundreds of wallets over a short period. The affected wallets held ether and other tokens, though individual balances were generally modest.
Researchers observed that many of the compromised wallets were created between four and eight years ago, suggesting that older storage methods or exposed private keys may have played a role. In some cases, affected users reported no recent interaction with decentralized applications or suspicious contracts, adding to uncertainty around how access was obtained.
The attacker did not fully empty every wallet, leading analysts to consider whether the operation involved selective targeting based on balance thresholds or extraction strategies designed to avoid detection.
Unclear Attack Vector
One of the most significant aspects of the incident is the absence of a confirmed entry point. Unlike common wallet drains tied to phishing links or malicious approvals, this attack has not yet been linked to a specific exploit mechanism.
Security researchers have suggested several possible explanations, including compromised private keys, vulnerabilities in outdated wallet software, or credentials exposed in historical data breaches that were only recently exploited.
The targeting of dormant wallets has intensified concerns because such addresses are often assumed to be safer due to their lack of interaction with newer protocols. The event challenges that assumption and highlights risks associated with long-term storage without periodic key rotation.
Funds Routed Through ThorChain to Obscure Trail
Following the theft, the attacker moved funds through ThorChain, a decentralized cross-chain liquidity protocol that enables asset swaps across multiple blockchains without centralized intermediaries. Investigators said portions of the stolen ether were converted into other assets to complicate tracking efforts. The use of cross-chain infrastructure and asset swapping is a common tactic in crypto-related exploits, as it fragments transaction trails and reduces traceability.
Security Implications and Recommendations
The incident underscores persistent vulnerabilities in self-custody systems, particularly for wallets created during earlier phases of the crypto ecosystem. As the industry evolves, older wallets may rely on outdated security assumptions or tools that are no longer considered best practice.
Security analysts have warned that dormant wallets can become targets if private keys were exposed through weak entropy, compromised devices, or historical leaks. The latest event highlights the importance of proactive security measures, including migrating funds to newly generated wallets and updating storage practices.
While the financial impact is relatively limited compared to larger DeFi exploits, the nature of the attack has drawn significant attention due to its unusual targeting strategy and unclear technical cause. For market participants, the incident reinforces the importance of wallet hygiene and key management as attackers continue to evolve their methods.
Investigators are continuing to analyze transaction patterns in an effort to determine the root cause. A clearer understanding of the exploit may inform future security recommendations and help prevent similar incidents. The attack serves as a reminder that inactivity alone does not guarantee safety in crypto, and that even long-dormant assets can become targets in an increasingly complex threat environment.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Bitcoin ETFs Record $22.31M Daily Inflow While Ethereum ETFs See $56.36M Outflow on May 1
Gate News message, according to the May 1 update, Bitcoin ETFs registered a daily net inflow of 284 BTC ($22.31M), though the 7-day net flow shows an outflow of 6,246 BTC ($489.95M). Ethereum ETFs experienced a daily net outflow of 24,420 ETH ($56.36M), with a 7-day net outflow of 99,299 ETH ($229.1
GateNews7m ago
Ethereum ETFs Shed $184M Over 4-Day Losing Streak
Ethereum exchange-traded funds posted $184 million in outflows over four consecutive days through April 30, according to market data, as geopolitical uncertainty offset gains in U.S. equities. The outflows extended a losing streak that began earlier in the week, with the largest single-day exit
CryptoFrontier15m ago
SYNBO Unveils On-Chain Investment Protocol at Shanghai Ethereum University Tour
According to ChainCatcher, SYNBO unveiled its on-chain investment protocol during the Shanghai station of the Ethereum University Tour at Fudan University. The protocol aims to address fragmentation in the current primary market, which relies heavily on offline intermediaries across four key
GateNews2h ago
Eightco Holdings Discloses $333M Asset Reserve Including 283.45M WLD and 11,068 ETH as of April 27
According to PRNewswire, Eightco Holdings (ORBS), a Nasdaq-listed company, disclosed its asset holdings as of April 27, totaling approximately $333 million. The portfolio includes 283.45 million Worldcoin (WLD) tokens, 11,068 ETH, a $90 million investment in OpenAI, a $25 million investment in
GateNews3h ago
Arbitrum DAO Votes to Release 30,766 ETH to DeFi United Following Kelp DAO Attack
According to The Block, the Arbitrum DAO is currently voting to release approximately 30,766 ETH frozen by the Arbitrum Security Council to the DeFi United initiative, which was formed following the Kelp DAO attack earlier this month. In the first hour of voting, 16.9 million ARB tokens were cast in
GateNews3h ago
