Huge hack alert: Inactive Ethereum wallets emptied around 261ETH

19 replies 436 views
whale777Full Member
Posts: 125 · Reputation: 470
#1Mar 6, 2025, 11:43 PM
So, check this out. Earlier today, some hacker went after old, inactive Ethereum wallets and made off with roughly 261 ETH, all funneled into one wallet. They cracked the private keys of loads of dormant wallets from 2019 and earlier, then shuffled the coins around using different cross-chain protocols like thorchains, uniswap, and Magpie router to throw off any trace. The Ethereum network itself is said to be secure, but this guy had some serious tools that could break the weak randomness of private keys made with those old wallet generators. We’re talking about stuff like pre-2019 brainwallets and browser-based key makers. These outdated methods just can’t hold up against the high-level cracking tools out there now, which explains how this guy got the keys to all those wallets. If you've got any funds sitting in dormant wallets, now’s the time to move them to safer ones like Ledger Nano. Better safe than sorry!
5 Reply Quote Share
raven1337Hero Member
Posts: 530 · Reputation: 3357
#2Mar 7, 2025, 01:51 AM
It's hard to predict what the main causes of it. There are so many assumptions, but all of reasons are possible to happen. It makes sense to think the early wallet generators were not random enough. However, who knows the wallet owners used infected tools that leaked his sensitive key. Other than that i remember during the old days, wallet generators are storing the walet key related data on the server. So it's also possible for the data in the server got leaked, then it's hacked. Beside that this is a reminder for people to always check their money on their wallet regularly. If they are thinking their money ain't safe enough, they have move it to the safer place.
4 Reply Quote Share
whale777Full Member
Posts: 125 · Reputation: 470
#3Mar 7, 2025, 01:59 AM
Another angle is the server breach or leak from lasspass, sniping bots, or copytrading bots on telegram or other platforms that ask for private keys to trade for users, the attacker must have attained a certain level of leaked data from these servers and is cracking down on the victim's funds using those keys.
0 Reply Quote Share
w0lf404Hero Member
Posts: 801 · Reputation: 2381
#4Mar 7, 2025, 02:29 AM
What makes this suspicion point to exploitation? This tweet was posted just hours ago, and so far, no one has claimed any of the owners of these addresses have lost their assets. If this involves hundreds of addresses, it's unlikely that any of them haven't been monitoring their dormant wallets. Anyway, let's wait and see.
2 Reply Quote Share
tomdefiFull Member
Posts: 126 · Reputation: 377
#5Mar 9, 2025, 09:48 AM
Probably not an Ethereum network problem but rather something to do with how the owners of the addresses generated their wallets or keep their seed phrases and private keys. I don't think this is random The hacker is likely to have landed on an old compromised machine that was used to store the seeds or even landed on seed phrases that can unlock multiple addresses that have some ETH in them.
3 Reply Quote Share
whale777Full Member
Posts: 125 · Reputation: 470
#6Mar 11, 2025, 03:20 PM
This user on X confirmed losing his coins to the scammer's address, I predict that most of the dormant exploited addresses have been forgotten by their owners or they hardly check up on the coin, only a handful of wallets were active in the last few months, or years, the rest was dated back to 7+ years of no activity, also the value of eth was quite small during those years, the scammer came in when those coins has gotten to a significant amount of dollars then moved them away, also you don't expect all the victims to be active users on X.
4 Reply Quote Share
SilentGuruSenior Member
Posts: 432 · Reputation: 1445
#7Mar 11, 2025, 07:39 PM
It is possible that since the value of eth was quite small during those years and the scammer hardcoded the ETH value not in USD the drainer didn't get triggered and right now the scammer is doing it manually. I don't really buy the speculation about eth addresses getting cracked, if anything it's privkey leak and it happens a lot when entire infra wasn't as solid as today.
5 Reply Quote Share
vault_2009Full Member
Posts: 198 · Reputation: 739
#8Mar 11, 2025, 09:21 PM
Hacked private keys? Are we sure about this? I am pretty sure that with the protection that we have today, I would be 100% sure that they have not cracked private keys, there has to be something that is helpful for them. Like if you need 12 phrases and have 10 of them ready, then yeah, or if you have all 12 and you need to just order them then yeah, but to just break the entire private key? Absolutely not, that did not happen, and these claims are false. Anyone who knows how these are protected, you can't brute hack into this. Low entropy and also inactive, right? These are really contradicting or just a coincident. Seems like a usual hacking of a long term holders' wallet. Hacking low entropy keys are possible means, then our bitcoins also in danger. If hacking private keys are possible means, we may see similar hacking in other altcoins as well.
4 Reply Quote Share
D4rkFalconSenior Member
Posts: 308 · Reputation: 1050
#9Mar 11, 2025, 09:57 PM
Hows is that even possible, as far that I know brute force private key need lot amount of power and take times, Brute force specific address also need time and near impossible because lot of possibilty. https://etherscan.io/tx/0xba1b4093b8e0b820a778762cf18caab608e2870cded14b63bdad5454d50d6aac this the last tx he send into Thorchain and steal 324 ETH or the equivalent of 700K usd is not a million but money is money. and if this real happen because simply old address ethereum foundatin should know about this and tell everyone. Usually address like ETH got hacked because he approved malicious contract and boom the money is gone.
0 Reply Quote Share
fox777Member
Posts: 13 · Reputation: 106
#10Mar 12, 2025, 06:18 PM
What is safer than keeping you ETH on your own hardware wallet? Do you mean that older wallets are prone to attacks? I'm confused so sorry if I'm asking stupid questions.
6 Reply Quote Share
jake365Full Member
Posts: 214 · Reputation: 688
#11Mar 12, 2025, 11:14 PM
I am pretty sure that it's more of finding system vulnerabilities with a virus, and swiping all existing privatekeys, then "hacking private key". I have a theory though. Windows 10 just ended their free updates, and there are probably already unpatched win 10 systems around that still contains privatekey data in some form. I was waiting that there could be mass hacks, because even though i think that majority of bigger holders are tech-savvy and careful, they tend to get hacked from time to time. And finding new exploits for old windows 10 systems means that they can just mass attack every system that's online, and there are bound to be quite few new victims that will never know what hit them.
1 Reply Quote Share
CyberWhaleSenior Member
Posts: 169 · Reputation: 1151
#12Mar 13, 2025, 01:20 AM
These are some of the early indications of what we might see in the near future if most blockchains and the wallets on those chains don't build quantum resistant cryptography. Well, it's one thing for a blockchain to be updated, it's another thing for the users to complete the migration. If those accounts that got drained moved the funds to newer wallets, it wouldn't have been drained. I think it might also be the case that those account owners are no more and the hackers were recovering what was otherwise considered to be lost.
2 Reply Quote Share
paulyieldSenior Member
Posts: 518 · Reputation: 1547
#13Mar 13, 2025, 03:52 AM
Logically speaking if the wallet key was brute forced, there's no stopping the hacker from bruteforcing addresses that hold higher amount of ETH. But the hacker is only targeting some random addresses with low amount of ETH, speaks a lot about how the attack was done, definitely ain't brute forcing.
0 Reply Quote Share
miner_bullFull Member
Posts: 92 · Reputation: 642
#14Mar 13, 2025, 07:06 AM
This must be done via some sort of key generator type of thing that people used. Let me put it this way, if he was capable of hacking "all" wallets done before a certain time, he would have taken billions of dollars, and I mean billions, not even like a couple billion, I mean he would be one of the richest people in the world, but he did not. Reason is that the wallets had to be old, and also using certain tool to eb created, and that's how he got them, and those are very limited, that is why he stole just a certain amount. This is still bad of course, but it's not something to worry about, no t in general at least, if you do not have a dormant account that is from all the way back, then you have nothing to worry about.
0 Reply Quote Share
calmfalconSenior Member
Posts: 181 · Reputation: 966
#15Mar 13, 2025, 01:08 PM
It is. Brute force into cracking into these is not possible and they did not use that. I can tell you that they did not use brute force and regular cracking because if that was possibility then they could have cracked into some hot wallet of a big exchange and get a billion dollars out, and they did not. So it is clear that they cracked into something specific, and I agree that whatever they cracked into, was something that was basically just a simple coding mistake that they exploited.
3 Reply Quote Share
just_sageFull Member
Posts: 138 · Reputation: 552
#16Mar 13, 2025, 01:30 PM
So someone who invested in ETH and held them since 2018 in a wallet will wake up one day and realize that all his money is gone even when he still hold his private keys? This is a major problem in cryptocurrency in general and it makes me apprehensive because if they can exploit those wallets, it is a matter of time before new wallets are exploited using newer tools. What could be the solution of this type of things?
4 Reply Quote Share
sat_chainMember
Posts: 61 · Reputation: 195
#17Mar 13, 2025, 05:25 PM
Nothing to worry about, these type of exploits and hacks and whatever always are on the news and happens often, at least once a month we see a news like this and it's never a big number, it's always small. Sure, it's sad for those who this happened to, but in general the market is not really caring about such a small number. This is literally not even half a million dollars, we had situations where 40 million was stolen from hot wallets of binance once, so compared to that, this is basically nothing.
1 Reply Quote Share
sigma07Senior Member
Posts: 434 · Reputation: 1309
#18Mar 13, 2025, 07:49 PM
It's likely those tools that we've used where people kept to saved records of their private keys are being exploited by whoever that guy is. It's best to never keep records of these important details of us online and to any of the tools that could be compromised and able to get the backdoor of its database. There's a probable cause in it and if it happened with so many wallets, the culprit was able to access that through a huge database where the users have entrusted long time before.
3 Reply Quote Share
silentchainHero Member
Posts: 473 · Reputation: 2317
#19Mar 13, 2025, 09:39 PM
The point is that the market is vulnerable to this kind of attacks. And I don't understand why you said that we shouldn't worry about when we know that there are victims here. What if you are one of the victims? Will you say to yourself that this is not something new and that it is ok for someone to take my money? Yes, it's not comparable to huge amount of hacks or draining techniques. But still if we have been in the market for so long, we can say that we should really be very careful of our crypto so that we won't just be another statistics from this cyber actors.
3 Reply Quote Share
SilentGuruSenior Member
Posts: 432 · Reputation: 1445
#20Mar 16, 2025, 02:56 AM
This could be result of social engineering or private key leak due to lack of security in storing their seed phrase, it doesn't really indicate private key breaches. New wallets are usually created using the best security practice for randomness, etc. Not really a concern if you generated a new wallet. The solution would be as always encrypt your private key if you are storing it digitally or simply write it down in a paper and seal it. Also, don't interact with smart contract recklessly and don't connect your wallet to random websites. Hacker can drain your wallet of your money by simply telling you to sign ERC-2612 permit without even telling you to make transactions.
3 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics