Loading prices…
🩸BEARISH

Wallet drainer steals 316K USDC from 2-month-old address

The stolen USDC was swapped into ETH inside two transactions within minutes — a drain pattern consistent with automated kits rather than a targeted attack on a high-value holder.

A wallet drainer drained approximately 316,000 USDC from a roughly two-month-old address, according to Web3 Antivirus, a security firm that tracks on-chain exploits. The wallet had been mostly used for DEX swaps before the strike.

The stolen USDC was swapped into ETH through two transactions worth around $47,000 and $268,000, a rapid sequence consistent with an automated drainer kit rather than a manual theft. ETH is the preferred exit asset for most drainer operations because of deep liquidity and straightforward bridging into mixers.

Why it matters

Wallet drainers typically reach victims through phishing sites, fake airdrop pages, or malicious browser-wallet approvals — once a user signs a malicious transaction, the attacker can sweep the address without further interaction. The pattern of small DEX-swap history followed by a single large drain is the textbook signature of a permission-approval exploit, not a private-key compromise.

Market impact

The absolute size of the loss is modest, but drainer activity on stablecoins is a persistent pressure on retail confidence and on USDC liquidity assumptions for users who treat the token as a "safe" parking asset. The two-step USDC-to-ETH exit also briefly adds sell pressure on USDC and buy pressure on ETH at the moment of swap, though the notional is too small to move either curve.

Related tokens
$USDC $ETH

Frequently asked questions

  1. What is a wallet drainer?

    A wallet drainer is an automated exploit kit that tricks users into signing malicious token approvals or transactions, allowing the attacker to sweep the wallet's balances without holding the private key.

  2. How did the attacker steal 316,000 USDC?

    The drainer almost certainly relied on a malicious token approval the victim signed earlier, then converted the USDC into ETH in two transactions worth roughly $47,000 and $268,000.

  3. Why did the thief swap USDC for ETH?

    ETH offers deep liquidity and straightforward bridging into mixers, making it the standard exit asset for drainer operators looking to launder stolen stablecoins.

  4. Was this a targeted attack or an opportunistic one?

    The pattern — a wallet with small DEX-swap history drained in a single automated sweep — is consistent with an opportunistic hit via a phishing or fake-airdrop site, not a hand-crafted attack on a high-value holder.

  5. How can users protect themselves from wallet drainers?

    Revoke unlimited token approvals after using unfamiliar dApps, avoid signing transactions on unverified sites, and use on-chain security tools to check approval exposure and risk scores before signing.

Source attribution
Aggregated from CoinTelegraph · Verified · Last refreshed 45d ago
Open original →