This week, hundreds of Ethereum wallets, many of them inactive for seven years or more, were drained in what on-chain observers dubbed a live draining campaign associated with the same attacker addresses. According to some, losses have already passed $800,000. What Happened and What We Know So Far One victim, posting under the handle Capitulation.eth, was the first to sound the alarm, saying that funds had left their wallet without authorization and noting that others were being “zeroed out” as well. This was confirmed by crypto analyst Wazz, who shared on-chain data showing a single address sweeping wallets that had last moved funds as far back as 2019. Another analyst, Specter, put the victim count in the hundreds and estimated total losses above $800,000. According to them, the attacker deposited 2 ETH to an exchange, likely converted to Monero, and separately bridged 324 ETH, worth around $734,000, to the Bitcoin network via Thorchain. What is striking about the attack is the age of the wallets involved. Specter noted that most affected wallets were created between four and eight years ago, with very few exceptions. Community researchers largely agree that this is not a smart contract vulnerability or a token approval exploit. Developer Fitna was direct about it: “Old secret keys and seed phrases leaked years ago from bad wallet apps, weak randomness, stolen backups, LastPass, cloud leaks, or old 2017/18 software. Hacker is now draining leftover ETH.” Cryptographer Mikerah offered a similar read, suggesting the pattern points to an older key generation process that used weak entropy, adding that the scenario is “really scary to think about.” Developer Rahul Saxena used the incident to urge users to check wallets for old token approvals and pointed to revoke.cash as a tool to remove them, though Fitna and others stressed that approval scams are separate from what appears to be happening here. April Was Already a Terrible Month for DeFi Security This attack landed on the final day of what analyst Abdul described as “the worst month ever in terms of DeFi exploits,” with roughly $635 million lost across 28 incidents in 30 days. The list runs from a $285 million exploit at Drift on April 1 through a $5 million-plus hit on Wasabi Protocol on the same day the dormant wallet drain was flagged. The month’s largest single incident was the KelpDAO exploit on April 18, in which attackers drained nearly $294 million from the liquid restaking protocol’s bridge contract, converting stolen funds into ETH and spreading them across Ethereum and Arbitrum. An attack on Syndicate Network, reported on April 29, added another $330,000 to the total when an address acquired 18.5 million SYND tokens through a bridge compromise and sold them, sending SYND down more than 37% in 24 hours. The post Old Ethereum Wallets Drained in Coordinated Attack, Losses Pass $800K appeared first on CryptoPotato .
