More than 500 long-dormant Ethereum wallets were drained in a coordinated sweep, with on-chain losses totaling roughly $800K, according to CryptoSlate. The activity is concentrated in an Etherscan-labeled address tagged Fake_Phishing2831105, which received over 260 ETH (~$600K) before forwarding 324.741 ETH through THORChain Router v4.1.1, a common cross-chain laundering hop.
Why it matters
The pattern of victims is unusual: the wallets were largely inactive, some untouched for years, suggesting the attacker was working from a shared leak of historical private keys, seed phrases, or exposure via legacy wallet tools rather than a single new exploit. Dormant-wallet drains are typically a signal that old key-management hygiene is coming back to bite — the same private keys people generated in 2016–2018, often stored in plain text or low-grade custodial tools, are now being systematically harvested.
Market impact
The dollar size is modest at $800K, but the breadth — 500+ victims in what appears to be a single sweep — is the part that matters for ETH holders. The THORChain routing suggests the operator is treating this as a campaign rather than opportunistic theft, and any holder with ETH addresses created before 2020 should treat those keys as compromised by default. Watch for follow-up reporting on whether the seed source was a specific wallet service, a clipboard-replacement tool, or a broader database leak.
Frequently asked questions
-
How many Ethereum wallets were drained in this incident?
More than 500 long-dormant Ethereum wallets were drained, with on-chain losses totaling roughly $800K according to CryptoSlate.
-
Where were the stolen ETH sent?
Over 260 ETH (~$600K) landed at an Etherscan-tagged address called Fake_Phishing2831105, which then forwarded 324.741 ETH through THORChain Router v4.1.1 for cross-chain laundering.
-
How were so many dormant wallets compromised at once?
The compromise path is still under investigation, but the victim pattern — wallets inactive for years, drained in a single sweep — points to a shared leak of historical private keys, seed phrases, or legacy wallet tool exposure rather than a fresh exploit.
-
Should holders of old ETH wallets be concerned?
Yes. Anyone with Ethereum addresses created before 2020 should treat those private keys as compromised by default until the specific compromise vector is identified, especially if keys were generated on legacy tools or stored in plain text.
-
How big is this loss compared to previous Ethereum phishing attacks?
The $800K dollar size is modest relative to major DeFi exploits, but the breadth — 500+ victims in what appears to be a single coordinated sweep — is unusual and signals a campaign rather than opportunistic theft.
WuBlockchain