BREAKING
Jun 16The Crypto the SEC Killed Is Back. Telegram Just Became Its Biggest Validator.Jun 15The Strait of Hormuz Reopened and $150M in Bitcoin Shorts Got Liquidated by MorningJun 15Trump's Crypto Just Paid UFC Champions on the White House LawnJun 14SBF Will Be 59 When He Gets Out. His Last Appeal Just Failed.Jun 14The Feds Are Suing 8 States to Let You Bet on Anything OnlineJun 13Japan Has $7.4 Trillion Sitting in Near-Zero Savings Accounts. Metaplanet Just Bought a License to Redirect It Into Bitcoin.Jun 1325% of the World's Most Powerful Tech Companies Now Hold Bitcoin — and Both Are Elon Musk'sJun 12You Can't Use Your Bored Ape as Collateral Anymore: NFTfi Shuts Down After $737M in LoansJun 12SpaceX Just Pulled the Largest IPO in History — and Had 18,712 Bitcoin Nobody Knew AboutJun 11The EU Just Built a Crypto Kill Switch — Russia Fired Back the Same DayJun 16The Crypto the SEC Killed Is Back. Telegram Just Became Its Biggest Validator.Jun 15The Strait of Hormuz Reopened and $150M in Bitcoin Shorts Got Liquidated by MorningJun 15Trump's Crypto Just Paid UFC Champions on the White House LawnJun 14SBF Will Be 59 When He Gets Out. His Last Appeal Just Failed.Jun 14The Feds Are Suing 8 States to Let You Bet on Anything OnlineJun 13Japan Has $7.4 Trillion Sitting in Near-Zero Savings Accounts. Metaplanet Just Bought a License to Redirect It Into Bitcoin.Jun 1325% of the World's Most Powerful Tech Companies Now Hold Bitcoin — and Both Are Elon Musk'sJun 12You Can't Use Your Bored Ape as Collateral Anymore: NFTfi Shuts Down After $737M in LoansJun 12SpaceX Just Pulled the Largest IPO in History — and Had 18,712 Bitcoin Nobody Knew AboutJun 11The EU Just Built a Crypto Kill Switch — Russia Fired Back the Same Day
BTC -- --%
ETH -- --%
Fear & Greed F&G 23 Extreme Fear
ESC
Type to search articles
500 Ethereum Wallets That Hadn't Moved in 8 Years Were Just Drained — And Nobody Knows How
BREAKING

500 Ethereum Wallets That Hadn't Moved in 8 Years Were Just Drained — And Nobody Knows How

May 2, 2026 · 3 min read · 631 words

Imagine forgetting about a wallet you made in 2018. No activity, no alerts, no reason to worry. Then one morning, it’s empty.

That’s exactly what happened to more than 500 Ethereum holders this week — and the attacker left almost no trace.

What Happened

On April 30, 2026, blockchain researcher WazzCrypto flagged unusual activity on-chain: hundreds of Ethereum addresses that had been completely silent for four to eight years were suddenly being swept clean in a coordinated wave.

Final confirmed damage: 324.741 ETH (~$800K) drained and routed through THORChain Router v4.1.1 — a cross-chain bridge commonly used to obscure fund origins. The stolen funds were first consolidated into a single address tagged Fake_Phishing2831105 on Etherscan (596 total transactions), then forwarded to ThorChain for laundering.

The oldest affected wallet hadn’t moved funds in nearly 14 years.

Nobody Knows How They Got In

That’s the part keeping security researchers up at night.

The compromise vector is still unconfirmed. Current theories being investigated:

  • Weak entropy in legacy wallet tools — early-era key generators used poor randomness, making keys cryptographically weak
  • LastPass-era seed exposure — the 2022 LastPass breach leaked encrypted vaults; attackers may finally be cracking them
  • Compromised mnemonics — seed phrases stored in cloud services, screenshots, or password managers years ago
  • Trading-bot or custodial key handling — keys that passed through third-party tools and were silently harvested

Security analysts are unambiguous: “Idleness does not mitigate private-key risk.” A wallet you haven’t touched since 2016 carries the full threat surface of every device, app, and service that ever touched its private key.

This Is a Pattern, Not a Fluke

This incident fits a broader 2026 trend: attackers are increasingly targeting legacy infrastructure rather than current-era smart contract bugs. Off-chain attacks — compromised credentials, social engineering, supply chain manipulation — accounted for 76% of all crypto hack losses in 2026 so far, according to TRM Labs.

The April 2026 month was the worst in crypto history: 30 separate exploits, $625M stolen, with North Korea-linked groups responsible for the majority.

Dormant wallets are soft targets. Owners aren’t monitoring them. The keys are old. The tooling that generated them may no longer exist. And there’s no warning when an attacker starts probing.

What You Should Do Right Now

If you have old Ethereum wallets — wallets you set up before 2022 — treat them as potentially compromised:

  1. Move funds immediately to a freshly generated wallet using current, audited software
  2. Do not reuse the old seed phrase — generate a new one on a clean device
  3. Check if your old wallet was generated with an early browser plugin or web tool — many had entropy issues
  4. If you used LastPass before 2022, assume any seed phrase stored there is known to attackers
  5. Check Etherscan — look for Fake_Phishing labels on outgoing transactions from your old addresses

Why This Matters for Crypto Jobs

This attack highlights a massive and growing demand for blockchain security professionals. The industry is actively hiring:

  • Blockchain Security Engineers — smart contract auditors, on-chain forensics
  • Key Management Specialists — HSM design, threshold signature schemes (TSS), MPC wallets
  • Incident Response Analysts — firms like Chainalysis, TRM Labs, and Halborn are scaling headcount
  • DevSecOps Engineers — crypto-native companies need engineers who treat private key handling as a first-class concern

The attack also signals that security auditing must extend to legacy systems, not just new code. Companies building wallet infrastructure, custodial services, or DeFi tooling are increasingly funding dedicated security teams — creating jobs that didn’t meaningfully exist three years ago.

Crypto’s security layer is being built in real time. If you’re a security engineer, auditor, or incident responder — the demand has never been higher.

Browse open roles in blockchain security and Web3 at Cryptogrind — where crypto-native companies post jobs for builders who understand the stakes.

How did this hit?
breaking-newsethereumsecuritydefihacks

More stories

Someone Stole the Keys to a $5.4M Bridge — And Laundered It Through Binance Before Anyone Noticed

Someone Stole the Keys to a $5.4M Bridge — And Laundered It Through Binance Before Anyone Noticed

May 30
Blind Signing Has Drained Crypto of Billions. Ethereum Just Launched the Kill Switch.

Blind Signing Has Drained Crypto of Billions. Ethereum Just Launched the Kill Switch.

May 12
Someone Sent Grok a Morse Code Tweet — Then Walked Away With $175K in Crypto

Someone Sent Grok a Morse Code Tweet — Then Walked Away With $175K in Crypto

May 7

Discussion

Comments are powered by GitHub. Sign in with your GitHub account to chime in.

Related jobs on Cryptogrind

View all
🔒 Security Engineer 🏦 DeFi Engineer

Looking for your next crypto role?

Browse hundreds of Web3 and crypto positions on Cryptogrind — from smart contract engineers to DeFi analysts.

Browse jobs