BREAKING
May 15The New Fed Chair Owns $100M in Crypto — And Nobody at the Fed Has Ever Said That BeforeMay 15Hackers Hit THORChain on 4 Blockchains at Once — $10.8M Gone, Trading Halted, No One Knows HowMay 14One Republican Vote Stood Between Crypto and Real US Law — He Just FlippedMay 14Hyperliquid Just Killed Its Own Stablecoin — and Handed the Keys to CoinbaseMay 1340% of the CEOs Trump Flew to China Have Crypto Ties — and Bitcoin Just NoticedMay 13The $12 Trillion Brokerage Just Handed 35 Million Retail Investors Direct Bitcoin AccessMay 12Senate Drops 309-Page Crypto Law at Midnight — Democrats Are Blocking It to Stop Trump From Cashing OutMay 12Blind Signing Has Drained Crypto of Billions. Ethereum Just Launched the Kill Switch.May 11For 18 Months, Any Miner Could Have Crashed Bitcoin's Network. 43% of Nodes Still Haven't Patched.May 11Circle Built a Blockchain Where Gas Fees Cost Dollars — BlackRock & a16z Just Paid $222M to Get InMay 15The New Fed Chair Owns $100M in Crypto — And Nobody at the Fed Has Ever Said That BeforeMay 15Hackers Hit THORChain on 4 Blockchains at Once — $10.8M Gone, Trading Halted, No One Knows HowMay 14One Republican Vote Stood Between Crypto and Real US Law — He Just FlippedMay 14Hyperliquid Just Killed Its Own Stablecoin — and Handed the Keys to CoinbaseMay 1340% of the CEOs Trump Flew to China Have Crypto Ties — and Bitcoin Just NoticedMay 13The $12 Trillion Brokerage Just Handed 35 Million Retail Investors Direct Bitcoin AccessMay 12Senate Drops 309-Page Crypto Law at Midnight — Democrats Are Blocking It to Stop Trump From Cashing OutMay 12Blind Signing Has Drained Crypto of Billions. Ethereum Just Launched the Kill Switch.May 11For 18 Months, Any Miner Could Have Crashed Bitcoin's Network. 43% of Nodes Still Haven't Patched.May 11Circle Built a Blockchain Where Gas Fees Cost Dollars — BlackRock & a16z Just Paid $222M to Get In
BTC -- --%
ETH -- --%
Fear & Greed F&G 31 Fear
ESC
Type to search articles
500 Ethereum Wallets That Hadn't Moved in 8 Years Were Just Drained — And Nobody Knows How
BREAKING

500 Ethereum Wallets That Hadn't Moved in 8 Years Were Just Drained — And Nobody Knows How

May 2, 2026 · 3 min read · 631 words

Imagine forgetting about a wallet you made in 2018. No activity, no alerts, no reason to worry. Then one morning, it’s empty.

That’s exactly what happened to more than 500 Ethereum holders this week — and the attacker left almost no trace.

What Happened

On April 30, 2026, blockchain researcher WazzCrypto flagged unusual activity on-chain: hundreds of Ethereum addresses that had been completely silent for four to eight years were suddenly being swept clean in a coordinated wave.

Final confirmed damage: 324.741 ETH (~$800K) drained and routed through THORChain Router v4.1.1 — a cross-chain bridge commonly used to obscure fund origins. The stolen funds were first consolidated into a single address tagged Fake_Phishing2831105 on Etherscan (596 total transactions), then forwarded to ThorChain for laundering.

The oldest affected wallet hadn’t moved funds in nearly 14 years.

Nobody Knows How They Got In

That’s the part keeping security researchers up at night.

The compromise vector is still unconfirmed. Current theories being investigated:

  • Weak entropy in legacy wallet tools — early-era key generators used poor randomness, making keys cryptographically weak
  • LastPass-era seed exposure — the 2022 LastPass breach leaked encrypted vaults; attackers may finally be cracking them
  • Compromised mnemonics — seed phrases stored in cloud services, screenshots, or password managers years ago
  • Trading-bot or custodial key handling — keys that passed through third-party tools and were silently harvested

Security analysts are unambiguous: “Idleness does not mitigate private-key risk.” A wallet you haven’t touched since 2016 carries the full threat surface of every device, app, and service that ever touched its private key.

This Is a Pattern, Not a Fluke

This incident fits a broader 2026 trend: attackers are increasingly targeting legacy infrastructure rather than current-era smart contract bugs. Off-chain attacks — compromised credentials, social engineering, supply chain manipulation — accounted for 76% of all crypto hack losses in 2026 so far, according to TRM Labs.

The April 2026 month was the worst in crypto history: 30 separate exploits, $625M stolen, with North Korea-linked groups responsible for the majority.

Dormant wallets are soft targets. Owners aren’t monitoring them. The keys are old. The tooling that generated them may no longer exist. And there’s no warning when an attacker starts probing.

What You Should Do Right Now

If you have old Ethereum wallets — wallets you set up before 2022 — treat them as potentially compromised:

  1. Move funds immediately to a freshly generated wallet using current, audited software
  2. Do not reuse the old seed phrase — generate a new one on a clean device
  3. Check if your old wallet was generated with an early browser plugin or web tool — many had entropy issues
  4. If you used LastPass before 2022, assume any seed phrase stored there is known to attackers
  5. Check Etherscan — look for Fake_Phishing labels on outgoing transactions from your old addresses

Why This Matters for Crypto Jobs

This attack highlights a massive and growing demand for blockchain security professionals. The industry is actively hiring:

  • Blockchain Security Engineers — smart contract auditors, on-chain forensics
  • Key Management Specialists — HSM design, threshold signature schemes (TSS), MPC wallets
  • Incident Response Analysts — firms like Chainalysis, TRM Labs, and Halborn are scaling headcount
  • DevSecOps Engineers — crypto-native companies need engineers who treat private key handling as a first-class concern

The attack also signals that security auditing must extend to legacy systems, not just new code. Companies building wallet infrastructure, custodial services, or DeFi tooling are increasingly funding dedicated security teams — creating jobs that didn’t meaningfully exist three years ago.

Crypto’s security layer is being built in real time. If you’re a security engineer, auditor, or incident responder — the demand has never been higher.

Browse open roles in blockchain security and Web3 at Cryptogrind — where crypto-native companies post jobs for builders who understand the stakes.

How did this hit?
breaking-newsethereumsecuritydefihacks

More stories

Blind Signing Has Drained Crypto of Billions. Ethereum Just Launched the Kill Switch.

Blind Signing Has Drained Crypto of Billions. Ethereum Just Launched the Kill Switch.

May 12
Someone Sent Grok a Morse Code Tweet — Then Walked Away With $175K in Crypto

Someone Sent Grok a Morse Code Tweet — Then Walked Away With $175K in Crypto

May 7
Ethereum's Biggest Rivals Just Pooled $300M to Bail Out a North Korean Hack — and It Might Actually Work

Ethereum's Biggest Rivals Just Pooled $300M to Bail Out a North Korean Hack — and It Might Actually Work

Apr 28

Related jobs on Cryptogrind

View all
🔒 Security Engineer 🏦 DeFi Engineer

Looking for your next crypto role?

Browse hundreds of Web3 and crypto positions on Cryptogrind — from smart contract engineers to DeFi analysts.

Browse jobs