500 Ethereum Wallets That Hadn't Moved in 8 Years Were Just Drained — And Nobody Knows How
Imagine forgetting about a wallet you made in 2018. No activity, no alerts, no reason to worry. Then one morning, it’s empty.
That’s exactly what happened to more than 500 Ethereum holders this week — and the attacker left almost no trace.
What Happened
On April 30, 2026, blockchain researcher WazzCrypto flagged unusual activity on-chain: hundreds of Ethereum addresses that had been completely silent for four to eight years were suddenly being swept clean in a coordinated wave.
Final confirmed damage: 324.741 ETH (~$800K) drained and routed through THORChain Router v4.1.1, a cross-chain bridge commonly used to obscure fund origins. The stolen funds were first consolidated into a single address tagged Fake_Phishing2831105 on Etherscan (596 total transactions), then forwarded to THORChain for laundering.
The oldest affected wallet hadn’t moved funds in nearly 14 years.
Nobody Knows How They Got In
That’s the part keeping security researchers up at night.
The compromise vector is still unconfirmed. Current theories being investigated:
- Weak entropy in legacy wallet tools — early-era key generators used poor randomness, making keys cryptographically weak
- LastPass-era seed exposure — the 2022 LastPass breach leaked encrypted vaults; attackers may finally be cracking them
- Compromised mnemonics — seed phrases stored in cloud services, screenshots, or password managers years ago
- Trading-bot or custodial key handling — keys that passed through third-party tools and were silently harvested
Security analysts are unambiguous: “Idleness does not mitigate private-key risk.” A wallet you haven’t touched since 2016 carries the full threat surface of every device, app, and service that ever touched its private key.
This Is a Pattern, Not a Fluke
This incident fits a broader 2026 trend: attackers are increasingly targeting legacy infrastructure rather than current-era smart contract bugs. Off-chain attacks — compromised credentials, social engineering, supply chain manipulation — accounted for 76% of all crypto hack losses in 2026 so far, according to TRM Labs.
April 2026 was the worst month in crypto history: 30 separate exploits, $625M stolen, with North Korea-linked groups responsible for the majority.
Dormant wallets are soft targets. Owners aren’t monitoring them. The keys are old. The tooling that generated them may no longer exist. And there’s no warning when an attacker starts probing.
What You Should Do Right Now
If you have old Ethereum wallets — wallets you set up before 2022 — treat them as potentially compromised:
- Move funds immediately to a freshly generated wallet using current, audited software
- Do not reuse the old seed phrase — generate a new one on a clean device
- Check if your old wallet was generated with an early browser plugin or web tool — many had entropy issues
- If you used LastPass before 2022, assume any seed phrase stored there is known to attackers
- Check Etherscan: look for Fake_Phishing labels on outgoing transactions from your old addresses
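Because an idle wallet gives its owner no warning, one option is to watch your own old addresses automatically. The sketch below is an added example, not code from the article or from any tool it names: it builds a JSON-RPC batch of eth_getTransactionCount and eth_getBalance calls and compares the replies with a saved snapshot. The addresses, snapshot and replies are constructed, and sending the batch to your own node or provider is left out so the example runs offline.

```python
# Added example: dormant-address watchdog. All addresses and RPC replies are constructed.
WATCHED = ["0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20]

def build_batch(addresses):
    """One JSON-RPC batch asking for the nonce and balance of each address."""
    calls = []
    for i, addr in enumerate(addresses):
        for j, method in enumerate(("eth_getTransactionCount", "eth_getBalance")):
            calls.append({"jsonrpc": "2.0", "id": 2 * i + j,
                          "method": method, "params": [addr, "latest"]})
    return calls

def parse_batch(addresses, replies):
    """address -> (nonce, wei), or None when either reply is missing or an error."""
    by_id = {r.get("id"): r for r in replies}  # batch replies may come back reordered
    state = {}
    for i, addr in enumerate(addresses):
        pair = [by_id.get(2 * i), by_id.get(2 * i + 1)]
        ok = all(r is not None and "result" in r for r in pair)
        state[addr] = tuple(int(r["result"], 16) for r in pair) if ok else None
    return state

def find_alerts(baseline, current):
    """Compare a saved snapshot with a fresh one; 'unknown' is never read as 'unchanged'."""
    alerts = []
    for addr, (old_nonce, old_wei) in baseline.items():
        now = current.get(addr)
        if now is None:
            alerts.append((addr, "UNKNOWN"))
        elif now[0] > old_nonce:
            alerts.append((addr, "OUTGOING_TX"))  # the key signed a transaction
        elif now[1] < old_wei:
            alerts.append((addr, "BALANCE_DROP"))
    return alerts

# Constructed snapshot taken while the wallets were idle: (nonce, balance in wei).
BASELINE = {WATCHED[0]: (3, 10**18), WATCHED[1]: (0, 5 * 10**17), WATCHED[2]: (7, 0)}
# Constructed replies, out of order: first address swept, third address errored.
REPLIES = [
    {"jsonrpc": "2.0", "id": 1, "result": "0x0"},
    {"jsonrpc": "2.0", "id": 0, "result": "0x4"},
    {"jsonrpc": "2.0", "id": 2, "result": "0x0"},
    {"jsonrpc": "2.0", "id": 3, "result": hex(5 * 10**17)},
    {"jsonrpc": "2.0", "id": 4, "error": {"code": -32000, "message": "constructed error"}},
    {"jsonrpc": "2.0", "id": 5, "result": "0x0"},
]

if __name__ == "__main__":
    for addr, kind in find_alerts(BASELINE, parse_batch(WATCHED, REPLIES)):
        print(kind, addr)
```

Run on a schedule, an OUTGOING_TX alert on an address you have not used means the key is in someone else's hands and any other address derived from the same seed should be moved as well.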
Why This Matters for Crypto Jobs
This attack highlights a massive and growing demand for blockchain security professionals. The industry is actively hiring:
- Blockchain Security Engineers — smart contract auditors, on-chain forensics
- Key Management Specialists — HSM design, threshold signature schemes (TSS), MPC wallets
- Incident Response Analysts — firms like Chainalysis, TRM Labs, and Halborn are scaling headcount
- DevSecOps Engineers — crypto-native companies need engineers who treat private key handling as a first-class concern
The attack also signals that security auditing must extend to legacy systems, not just new code. Companies building wallet infrastructure, custodial services, or DeFi tooling are increasingly funding dedicated security teams — creating jobs that didn’t meaningfully exist three years ago.
Crypto’s security layer is being built in real time. If you’re a security engineer, auditor, or incident responder — the demand has never been higher.