A wallet drainer drained 316,000 USDC from a two-month-old wallet that had been used primarily for DEX swaps, according to blockchain security firm Web3 Antivirus. The attacker moved fast: the stolen USDC was converted into ETH across just two transactions — one worth approximately $47,000 and another worth roughly $268,000 — making recovery through on-chain tracing significantly harder once the swap settled.
Why it matters
The victim wallet's profile is telling. A two-month-old address with a DEX-heavy history is exactly the kind of account that accumulates open token approvals without a systematic review process. Wallet drainers exploit those lingering approvals — often granted to DEX routers or aggregators during normal trading — to pull funds without requiring a second signature from the owner. The speed of the USDC-to-ETH conversion suggests the attacker had an automated laundering pipeline ready to fire the moment the drain confirmed.
Market impact
At $316K this is a contained incident rather than a systemic shock, but the pattern is a standing warning for active DeFi traders: approval sprawl is a liability. Regularly auditing open approvals and revoking stale permissions on any wallet holding meaningful USDC or ETH balances is the primary mitigation. Tools like Web3 Antivirus surface risk exposure dashboards specifically for this purpose.
TheBlock
Lookonchain
WuBlockchain