More than 500 dormant Ethereum wallets were drained in a coordinated attack that siphoned roughly $800,000 in ETH, according to a CryptoSlate investigation published on April 30, 2026. The incident targeted wallets that had been inactive for four to eight years, raising urgent questions about legacy key security across the Ethereum ecosystem.
What CryptoSlate reported about the dormant Ethereum wallet drain
CryptoSlate reported that the attacker consolidated funds from hundreds of long-idle wallets into a single address, swapping 324.741 ETH worth $749,079.99 through the THORChain router on April 30 at 15:28:59 UTC. The sending address, 0xA707…FAd7, has been flagged by Etherscan as Fake_Phishing2831105 following a report filed by blockchain investigator Specter.
The tagged address accumulated 596 transactions in total, a figure directionally consistent with CryptoSlate’s estimate that more than 500 unique wallets were affected. Many of the compromised wallets had reportedly sat untouched for four to eight years before funds were swept.
ON-CHAIN DATA
- Transaction hash: 0xba1b…6aac
- Amount: 324.741 ETH ($749,079.99 at time of transfer)
- From: 0xA707…FAd7 (Fake_Phishing2831105) → THORChain Router v4.1.1
- Timestamp: April 30, 2026, 15:28:59 UTC
Specter wrote on April 30 that older EVM wallets were being drained, with estimated losses exceeding $800,000 across hundreds of victims. The attack appeared to involve key compromise, primarily targeting wallets created four to eight years ago.
It appears there is an ongoing wallet draining affecting older EVM wallets, with estimated losses exceeding $800K across hundreds of victims.
The attack seems to involve key compromise, primarily targeting wallets created 4–8 years ago. Only a few affected wallets are less than… https://t.co/iKS3rCpGPl pic.twitter.com/mlMyuVoyGA
— Specter (@SpecterAnalyst) April 30, 2026
Source: @SpecterAnalyst on X
After the ETH was bridged out through THORChain, according to unconfirmed reports, roughly $66,000 remained across the attacker’s EVM wallets. No formal postmortem or official disclosure has confirmed the exact compromise vector.
Theories circulating in security circles include weak entropy in legacy wallet generation tools, seed phrase exposure tied to historical password manager breaches, and other old key leaks. These remain unconfirmed hypotheses rather than established findings.
Why dormant wallet compromises raise broader security concerns
The incident highlights a persistent blind spot in Ethereum security: wallets generated years ago may carry vulnerabilities their owners never revisited. Early wallet tooling sometimes relied on weaker randomness or key derivation methods that have since been deprecated. If private keys were generated with insufficient entropy, those wallets remain exploitable indefinitely.
For holders of older wallets, this event is a concrete reminder to audit key storage practices. Moving funds to a wallet generated with modern tooling, verifying that seed phrases are stored offline, and periodically checking dormant addresses for unauthorized activity are practical steps that could prevent similar losses.
The drain comes at a time when the broader crypto regulatory landscape is shifting rapidly. As U.S. regulators move toward formalizing crypto perpetuals rules, and with stablecoin legislation advancing through Congress, individual wallet security remains an area where users bear sole responsibility. Even as institutional frameworks mature, incidents like this underscore the gap between market enthusiasm and basic operational security.
ETH traded at $2,304.69 at press time, up roughly 1% over 24 hours, suggesting the incident had no measurable impact on broader market pricing. The Crypto Fear and Greed Index sat at 39, reflecting a “Fear” reading that predates this event.
The $800,000 loss, while devastating for individual victims, is a rounding error relative to Ethereum’s $278 billion market cap. That asymmetry does not diminish the severity for those affected, particularly holders who may not even realize their old wallets have been emptied. Dormant does not mean safe, and wallet hygiene requires ongoing attention regardless of how long funds have sat untouched.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.
