A long-time Solana whale lost roughly 181,000 SOL, worth about $14.2 million, in what on-chain investigator zachxbt flagged as a wallet drain. The attacker sold the entire 181K SOL stack, bridged the proceeds to Ethereum, and swapped into 7,918 ETH, also valued at $14.2M, a sequence zachxbt laid out in his public thread.
The pattern matches a private-key compromise rather than a protocol exploit: the funds moved in one clean direction with no on-chain negotiation, no DEX-aggregator splitting, and no attempt at obfuscation beyond the cross-chain hop. Bridging straight to Ethereum and converting to ETH typically signals a thief preparing to cycle through mixers or OTC desks on a network with deeper liquidity for off-ramps.
Why it matters
Solana OGs with seven-figure bags are a recurring target for phishing and fake-mev/validator installer attacks that surface a victim's signing keys. A single drain of this size is a reminder that self-custody hygiene, hardware-wallet separation, and signer rotation still beat any software-side defense once a key is exposed.
Market impact
The sale hit SOL order books directly, with the thief able to clear 181K SOL without slippage protection visible on-chain, a sign of either deep liquidity access or patient execution. The ETH swap preserves optionality: the attacker can now route through Tornado-style mixers, OTC desks, or CEX deposit chains where SOL-native tracing tools are weaker.
Frequently asked questions
-
How much was stolen from the Solana OG?
Roughly 181,000 SOL, valued at about $14.2 million at the time of the theft, per on-chain investigator zachxbt.
-
How did the attacker move the stolen SOL?
The attacker sold all 181K SOL, bridged the proceeds to Ethereum, and swapped them into 7,918 ETH, also valued at about $14.2M.
-
What kind of attack was this?
The single-direction move with no on-chain negotiation points to a private-key compromise, typical of phishing or fake validator/MEV installer attacks on Solana holders.
-
Why bridge to Ethereum instead of cashing out on Solana?
Ethereum offers deeper liquidity for mixers, OTC desks, and CEX deposit chains where SOL-native tracing tools are weaker, giving the attacker more off-ramp optionality.
-
Who is zachxbt?
Zachxbt is a well-known on-chain investigator who publicly traces stolen crypto flows and was the source for this drain's wallet-to-wallet trail.
Lookonchain