Loading prices…
🩸BEARISH

Ethereum Phishing Drains 500 Dormant Wallets for $800K

The scale — 500+ wallets, some untouched for years — suggests something beyond a single-point exploit; the on-chain trail points to a shared compromise vector still under investigation.

More than 500 long-dormant Ethereum wallets were drained in a coordinated sweep, with on-chain losses totaling roughly $800K, according to CryptoSlate. The activity is concentrated in an Etherscan-labeled address tagged Fake_Phishing2831105, which received over 260 ETH (~$600K) before forwarding 324.741 ETH through THORChain Router v4.1.1, a common cross-chain laundering hop.

Why it matters

The pattern of victims is unusual: the wallets were largely inactive, some untouched for years, suggesting the attacker was working from a shared leak of historical private keys, seed phrases, or exposure via legacy wallet tools rather than a single new exploit. Dormant-wallet drains are typically a signal that old key-management hygiene is coming back to bite — the same private keys people generated in 2016–2018, often stored in plain text or low-grade custodial tools, are now being systematically harvested.

Market impact

The dollar size is modest at $800K, but the breadth — 500+ victims in what appears to be a single sweep — is the part that matters for ETH holders. The THORChain routing suggests the operator is treating this as a campaign rather than opportunistic theft, and any holder with ETH addresses created before 2020 should treat those keys as compromised by default. Watch for follow-up reporting on whether the seed source was a specific wallet service, a clipboard-replacement tool, or a broader database leak.

Related tokens
$ETH

Frequently asked questions

  1. How many Ethereum wallets were drained in this incident?

    More than 500 long-dormant Ethereum wallets were drained, with on-chain losses totaling roughly $800K according to CryptoSlate.

  2. Where were the stolen ETH sent?

    Over 260 ETH (~$600K) landed at an Etherscan-tagged address called Fake_Phishing2831105, which then forwarded 324.741 ETH through THORChain Router v4.1.1 for cross-chain laundering.

  3. How were so many dormant wallets compromised at once?

    The compromise path is still under investigation, but the victim pattern — wallets inactive for years, drained in a single sweep — points to a shared leak of historical private keys, seed phrases, or legacy wallet tool exposure rather than a fresh exploit.

  4. Should holders of old ETH wallets be concerned?

    Yes. Anyone with Ethereum addresses created before 2020 should treat those private keys as compromised by default until the specific compromise vector is identified, especially if keys were generated on legacy tools or stored in plain text.

  5. How big is this loss compared to previous Ethereum phishing attacks?

    The $800K dollar size is modest relative to major DeFi exploits, but the breadth — 500+ victims in what appears to be a single coordinated sweep — is unusual and signals a campaign rather than opportunistic theft.

Source attribution
Aggregated from WuBlockchain · Verified · Last refreshed 69d ago
Open original →
Original content
Wu Blockchain
Wu Blockchain @WuBlockchain · 69d ago
Over 500 Dormant Ethereum Wallets Drained, Resulting in $800K Losses According to CryptoSlate, more than 500 long-dormant Ethereum wallets appear to have been drained, with losses totaling around $800K. Over 260 ETH, worth roughly $600K, was moved to an Etherscan-labeled address(Fake_Phishing2831105), which later recorded a 324.741 ETH transfer to THORChain Router v4.1.1. The compromise path remains unclear, with old private keys, seed phrases, legacy wallet tools, or key-management risks among the possible causes. Source: https://t.co/C2Xt9YQdpW
Over 500 Dormant Ethereum Wallets Drained, Resulting in $800K Losses

According
11 9 28
View on X →