500+ Ethereum Wallets Drained in Coordinated Attack, Funds Laundered via ThorChain

CryptoFrontier

More than 500 Ethereum wallets, many inactive for years, were drained in a coordinated attack resulting in approximately $800,000 in losses, with stolen funds subsequently laundered through cross-chain protocol ThorChain, according to on-chain investigators. The incident stands out due to the age of affected wallets, with some remaining inactive for up to seven years. Analysts noted that the attacker targeted wallets with no recent activity, raising concerns about latent vulnerabilities tied to older key management practices or previously compromised credentials.

Attack Targets Dormant Wallets at Scale

On-chain data indicates that a coordinated set of addresses systematically drained funds from hundreds of wallets over a short period. The affected wallets held ether and other tokens, though individual balances were generally modest.

Researchers observed that many of the compromised wallets were created between four and eight years ago, suggesting that older storage methods or exposed private keys may have played a role. In some cases, affected users reported no recent interaction with decentralized applications or suspicious contracts, adding to uncertainty around how access was obtained.

The attacker did not fully empty every wallet, leading analysts to consider whether the operation involved selective targeting based on balance thresholds or extraction strategies designed to avoid detection.
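The pattern described above, many long-idle wallets sending to the same destination within a short period, can be expressed as a monitoring heuristic. The following Python sketch is an added example, not code from the investigators or the report; the addresses, timestamps and thresholds are constructed assumptions, and it groups by single recipient only rather than clustering related recipient addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Thresholds are assumptions for illustration, not values from the report.
DORMANCY = timedelta(days=4 * 365)  # sender idle at least this long before moving
WINDOW = timedelta(hours=24)        # the "short period" in which drains cluster
MIN_SENDERS = 3                     # distinct dormant senders needed for an alert

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

# Constructed sample: (sender, recipient, transfer time, sender's previous activity).
# Addresses are placeholders, not real accounts.
TRANSFERS = [
    ("0xOLD1", "0xSINK", "2030-05-01 08:00", "2023-03-02 10:00"),
    ("0xOLD2", "0xSINK", "2030-05-01 08:05", "2024-07-11 09:30"),
    ("0xOLD3", "0xSINK", "2030-05-01 08:09", "2022-12-25 00:00"),
    ("0xACTV", "0xSINK", "2030-05-01 08:10", "2030-04-28 12:00"),  # recently active
    ("0xOLD4", "0xSHOP", "2030-05-01 09:00", "2023-01-01 00:00"),  # lone dormant sender
    ("0xOLD5", "0xSINK", "2030-05-09 08:00", "2023-06-06 06:00"),  # outside the window
]

def find_dormant_sweeps(transfers, dormancy=DORMANCY, window=WINDOW,
                        min_senders=MIN_SENDERS):
    """Return {recipient: sorted dormant senders} for recipients that collected
    from at least min_senders distinct dormant wallets within one time window."""
    by_recipient = defaultdict(list)
    for sender, recipient, when, last_seen in transfers:
        t = _ts(when)
        if t - _ts(last_seen) >= dormancy:   # keep only wake-ups of dormant wallets
            by_recipient[recipient].append((t, sender))
    alerts = {}
    for recipient, events in by_recipient.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                   # slide the window's left edge forward
            senders = {s for _, s in events[start:end + 1]}
            if len(senders) >= min_senders:
                alerts[recipient] = sorted(set(alerts.get(recipient, [])) | senders)
    return alerts

if __name__ == "__main__":
    for recipient, senders in find_dormant_sweeps(TRANSFERS).items():
        print(f"ALERT {recipient}: {len(senders)} dormant wallets -> {senders}")
```
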

Unclear Attack Vector

One of the most significant aspects of the incident is the absence of a confirmed entry point. Unlike common wallet drains tied to phishing links or malicious approvals, this attack has not yet been linked to a specific exploit mechanism.

Security researchers have suggested several possible explanations, including compromised private keys, vulnerabilities in outdated wallet software, or credentials exposed in historical data breaches that were only recently exploited.

The targeting of dormant wallets has intensified concerns because such addresses are often assumed to be safer due to their lack of interaction with newer protocols. The event challenges that assumption and highlights risks associated with long-term storage without periodic key rotation.

Funds Routed Through ThorChain to Obscure Trail

Following the theft, the attacker moved funds through ThorChain, a decentralized cross-chain liquidity protocol that enables asset swaps across multiple blockchains without centralized intermediaries. Investigators said portions of the stolen ether were converted into other assets to complicate tracking efforts. The use of cross-chain infrastructure and asset swapping is a common tactic in crypto-related exploits, as it fragments transaction trails and reduces traceability.

Security Implications and Recommendations

The incident underscores persistent vulnerabilities in self-custody systems, particularly for wallets created during earlier phases of the crypto ecosystem. As the industry evolves, older wallets may rely on outdated security assumptions or tools that are no longer considered best practice.

Security analysts have warned that dormant wallets can become targets if private keys were exposed through weak entropy, compromised devices, or historical leaks. The latest event highlights the importance of proactive security measures, including migrating funds to newly generated wallets and updating storage practices.

While the financial impact is relatively limited compared to larger DeFi exploits, the nature of the attack has drawn significant attention due to its unusual targeting strategy and unclear technical cause. For market participants, the incident reinforces the importance of wallet hygiene and key management as attackers continue to evolve their methods.

Investigators are continuing to analyze transaction patterns in an effort to determine the root cause. A clearer understanding of the exploit may inform future security recommendations and help prevent similar incidents. The attack serves as a reminder that inactivity alone does not guarantee safety in crypto, and that even long-dormant assets can become targets in an increasingly complex threat environment.

HodlBystandervip
· 05-04 06:01
Can 500 wallets be compromised at the same time, and can on-chain tracing identify the source?
DegenLibrarianvip
· 05-01 16:43
Inactive wallets become targets instead; long-term HODL also requires regular inspections.
HexiHoodievip
· 05-01 10:40
800k isn't an astronomical number, but the techniques are detailed and terrifying upon closer inspection
GateUser-1fbcda0avip
· 05-01 10:38
hi
GateUser-87adec4bvip
· 05-01 10:25
thanks for the useful information
BridgeHopRangervip
· 05-01 10:24
The accuracy of this coordinated attack isn't something script kiddies can pull off.
Tuandevip
· 05-01 10:23
1000x Vibes 🤑
MultisigOnRocksvip
· 05-01 10:19
ThorChain is now also being used as a money laundering channel. What about the risk control of cross-chain protocols?
LiquidationLineInTheReflectionvip
· 05-01 10:17
Old wallets can all be drained in batches; private key management remains an eternal challenge.
AirdropsAfterTheTideRecedesvip
· 05-01 10:16
Having slept for many years and then hitting zero all at once, holders' hearts are bleeding.