Ethereum Hack Hits 500 Long-Dormant Wallets, $800K Lost

A new security incident has shaken the crypto space after more than 500 long-dormant Ethereum wallets were suddenly drained, resulting in losses of nearly $800,000. The attack, first flagged by analyst WazzCrypto, is raising deeper concerns about old wallet vulnerabilities and long-forgotten private key exposure.

Old Ethereum Wallets Become New Targets

The affected wallets had been inactive for years, with many untouched for four to eight years. Despite their inactivity, attackers managed to move over 260 ETH, worth around $600,000, into a single address labeled Fake_Phishing2831105 on Etherscan.

From there, funds were further routed, including a transfer of 324.741 ETH to THORChain Router v4.1.1, suggesting attempts to obscure or redistribute the stolen assets.

What makes this case unusual is that these were not active wallets or recent phishing victims. Instead, they were quiet, long-held accounts, indicating the vulnerability may have existed for years before being exploited.

What Caused the Breach?

The exact cause is still unclear, but several possible reasons are being discussed.

Possible causes include:

• Stolen seed phrases
• Weak private key creation in older wallet tools
• Exposure through outdated wallet software
• Leaked details from password managers
• Unsafe storage of recovery phrases

Some users also pointed to older storage habits, where seed phrases were saved in insecure places, making them easier to access later.

Unlike common DeFi hacks, where a smart contract problem can be found, this case appears linked to wallet access itself, making it harder to trace.

As analyst WazzCrypto noted, “These were not active wallets, which makes the incident far more concerning for long-term holders.”

April’s Exploit Wave Gets Worse

This wallet drain comes during a particularly volatile period for crypto security. April alone saw around 28 to 30 major incidents, with total losses exceeding $635 million, according to DeFiLlama-linked data.

Recent attacks, including exploits involving admin keys, bridge verification failures, and signer workflows, highlight a recurring issue: security weaknesses often lie outside the visible smart contract layer.

What Users Should Do Now

The incident highlights a key risk that inactive wallets are not safe if their keys are compromised. Users with older wallets should move funds to new secure setups and avoid entering seed phrases into unknown tools or services.

Community Reaction

The Reddit community reaction is largely split between concern and skepticism. Many users see this as a serious wake-up call, arguing that old wallets being drained proves how fragile crypto security still is and why mass adoption remains slow. Others believe the attacker likely had access to private keys, pointing to weak early wallet tools or poor key storage practices. 

A smaller group even questions whether it was an “attack” at all, suggesting it could be the original owner consolidating funds, though most dismiss that, given the laundering patterns. 

Overall, the sentiment leans cautious, with growing anxiety around long-term wallet safety and self-custody risks.