600K+ drained from dormant ETH wallets silent for up to 8 years — and the attack vector is still unknown.

Over 500 Ethereum wallets that had sat untouched for four to eight years were swept into a single Etherscan-tagged address — Fake_Phishing2831105 — on April 30, with losses estimated between $600,000 and $800,000 and roughly 325 ETH routed onward through THORChain. The wallets were not fresh phishing targets; they were quiet accounts from an earlier Ethereum era, which is precisely what makes this incident harder to dismiss.

The compromise path remains unresolved. Community theories span weak entropy in legacy wallet generators, leaked mnemonics, trading-bot key handling, and LastPass-era seed storage — one affected user explicitly raised the LastPass angle. Without a contract call or privileged transaction to trace, investigators are working at the raw key layer, where the attack surface is the entire history of how a seed was generated, stored, and touched.

The practical read is…