A series of long-idle Ethereum wallets was recently drained, prompting a significant security alert in the crypto community. On April 30, WazzCrypto brought attention to this unusual activity involving mainnet wallets that hadn’t been active for years. Over 260 ETH—about $600,000—was siphoned from more than 500 dormant accounts, with total losses nearing $800,000. These wallets, some dating back four to eight years and associated with older Ethereum tools, were found to have redirected funds to a single tagged address named Fake_Phishing2831105 via the THORChain Router v4.1.1.
The incident highlights key concerns around wallet security, as no definitive compromise vector has been identified. Theories suggest potential vulnerabilities could involve old seed phrases, weak keys, or compromised storage tools like LastPass. As a result, users are urged to secure high-value wallets with new key material and avoid using outdated recovery methods.
This incident occurred against the backdrop of an already intense month for crypto exploits. According to DefiLlama-linked reports, April saw about 28 incidents, resulting in over $635 million in losses. Notably, Wasabi Protocol faced a significant exploit due to compromised admin authority, leading to substantial financial damage. The pattern underscores critical issues with key management and administrative powers within DeFi protocols.
Recent cases like Drift Protocol’s security breach illustrate risks associated with signer workflows and verifier dependencies, while KelpDAO experienced a cross-chain verification failure resulting in major financial loss. These examples point to broader systemic vulnerabilities that require enhanced operational controls, including multi-signer verification and independent checks for cross-chain messages.
As the crypto landscape evolves, April’s events stress the need for more robust security measures beyond traditional audits and decentralized interfaces. Users must take proactive steps like securing old funds with new keys and maintaining vigilance against potential exposure sources. As the industry reflects on these incidents, the focus shifts to implementing stringent controls over administrative actions, verification processes, and key management practices.