{"id":2800,"date":"2026-05-01T22:42:35","date_gmt":"2026-05-01T22:42:35","guid":{"rendered":"https:\/\/blog.coinsignals.net\/?p=2800"},"modified":"2026-05-01T22:42:35","modified_gmt":"2026-05-01T22:42:35","slug":"dormant-ethereum-wallets-targeted-in-coordinated-attack-as-losses-surpass-800000-dollars","status":"publish","type":"post","link":"https:\/\/blog.coinsignals.net\/index.php\/2026\/05\/01\/dormant-ethereum-wallets-targeted-in-coordinated-attack-as-losses-surpass-800000-dollars\/","title":{"rendered":"Dormant Ethereum Wallets Targeted in Coordinated Attack as Losses Surpass 800,000 Dollars"},"content":{"rendered":"\n
\n
\"\"<\/figure>\n<\/figure>\n\n\n\n

A wave of coordinated attacks has drained hundreds of Ethereum wallets, many of which had remained inactive for seven years or longer. On chain investigators have linked the activity to the same attacker addresses, with total losses now estimated to exceed 800,000 dollars.<\/p>\n\n\n\n

What Happened and Key Findings So Far<\/strong><\/p>\n\n\n\n

The issue first came to light when a user known as Capitulation.eth reported unauthorized withdrawals from their wallet and warned that other accounts were also being completely emptied. Crypto analyst Wazz later confirmed the activity, sharing blockchain data that showed a single address systematically sweeping funds from wallets that had not been active since as far back as 2019.<\/p>\n\n\n\n

Another analyst, Specter, estimated that hundreds of wallets have been affected, with total losses exceeding 800,000 dollars. According to their findings, the attacker transferred 2 ETH to an exchange, likely converting it into Monero, and separately moved 324 ETH, valued at roughly 734,000 dollars, to the Bitcoin network using Thorchain.<\/p>\n\n\n\n

One of the most alarming aspects of the incident is the age of the targeted wallets. Most of them were created between four and eight years ago, suggesting that the vulnerability is not recent.<\/p>\n\n\n\n

Security researchers widely agree that the attack is not related to smart contract flaws or token approval exploits. Instead, the likely cause appears to be compromised private keys or seed phrases that were exposed years ago. These leaks may have originated from insecure wallet applications, poor randomness during key generation, stolen backups, password manager breaches, cloud storage leaks, or outdated software from the 2017 to 2018 period.<\/p>\n\n\n\n

Cryptography experts have also pointed to the possibility of weak entropy in older key generation methods, which may have made certain wallets easier to compromise over time. The situation has raised concerns about long term security risks for early cryptocurrency users.<\/p>\n\n\n\n

While some developers have advised users to review and revoke old token permissions as a precaution, experts emphasize that approval based scams are not the main issue in this case, as the attack appears to rely on previously exposed credentials.<\/p>\n\n\n\n

DeFi Security Suffers Record Losses in April<\/strong><\/p>\n\n\n\n

This incident adds to an already difficult month for decentralized finance security. Analysts described April as one of the worst periods on record, with approximately 635 million dollars lost across 28 separate incidents.<\/p>\n\n\n\n

Among the major cases, a 285 million dollar exploit affected Drift at the start of the month, while Wasabi Protocol suffered losses exceeding 5 million dollars around the same time the wallet draining activity was discovered.<\/p>\n\n\n\n

The largest single breach occurred on April 18, when attackers exploited KelpDAO, draining nearly 294 million dollars from its bridge contract. The stolen funds were converted into Ethereum and distributed across networks including Ethereum and Arbitrum.<\/p>\n\n\n\n

Another incident involving Syndicate Network on April 29 resulted in an additional 330,000 dollar loss. In that case, attackers acquired 18.5 million SYND tokens through a compromised bridge and sold them, causing the token\u2019s price to drop by more than 37 percent within a day.#crypto#cryptonews https:\/\/coinsignals.net<\/a> https:\/\/t.me\/coinsignalpublic<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A wave of coordinated attacks has drained hundreds of Ethereum wallets, many of which had remained inactive for seven years or longer. On chain investigators have...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2800","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts\/2800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/comments?post=2800"}],"version-history":[{"count":1,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts\/2800\/revisions"}],"predecessor-version":[{"id":2802,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts\/2800\/revisions\/2802"}],"wp:attachment":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/media?parent=2800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/categories?post=2800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/tags?post=2800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}