A series of reports on What is unusual about the case is not the type of attack (already known in the ecosystem), but the profile of the victims: addresses inactive for long periods.
In the theft, a movement of 324,741 ETH was recorded as assets involved in the Bitcoin network using ThorChainalthough it is not confirmed that everything corresponds to the stolen funds. On the other hand, around $32,000 worth of ETH was stored in another wallet and part of the funds were exchanged for 9.56 BTC. The funds trail shows that the main wallet linked to the attackers was powered by an address flagged by “fake_phishing” (tag for addresses linked to theft) in Etherscan.
In relation to the above, In addition to ETH, they mined other assets, testing losses of up to $700,000 in one case, however, the moves suggest the total volume could be higher. Some victims claimed that some of the funds in some wallets were not completely withdrawn.
On-chain analysis indicates that the attack It focused on wallets between 4 and 8 years old. Even experienced users claimed to have not interacted with contracts or protocols, which reinforces the uncertainty about the origin of the commitment.
At the time of this publication, it has not been identified how the private keys were compromised and there is no official statement from the companies involved. However, Among the possible causes are old leaks of private keys, activated years later to claim the crypto assets, an attack that has occurred in the past with the Lastpass leak, which CriptoNoticias reported at the time.
On the other hand, there could also be a use of compromised versions of wallets or exposure derived from trading bots that require direct access to keys.
Altogether, this case reinforces doubts about the DeFi ecosystem’s resilience to attacks, especially when the month of April closed with more than 30 incidents and USD 635 million stolen. In other words, the month concentrated 78% of the hacks recorded so far this year, according to monitoring carried out by CriptoNoticias.