{"id":534165,"date":"2026-05-01T16:00:36","date_gmt":"2026-05-01T15:00:36","guid":{"rendered":"https:\/\/cryptoslate.com\/?p=534165"},"modified":"2026-05-01T15:37:39","modified_gmt":"2026-05-01T14:37:39","slug":"someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years","status":"publish","type":"post","link":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/","title":{"rendered":"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years"},"content":{"rendered":"<p><em>Hundreds of <a href=\"https:\/\/cryptoslate.com\/coins\/ethereum\/\">Ethereum<\/a> wallets that had sat untouched for years were drained into the same tagged address, turning old key exposure into this week\u2019s sharpest crypto security warning.<\/em><\/p>\n<p>On Apr. 30, <a href=\"https:\/\/twitter.com\/WazzCrypto\/status\/2049873991737786723\">WazzCrypto flagged<\/a> the incident affecting mainnet wallets on X, and their warning spread quickly because the affected accounts did not appear to be freshly baited hot wallets. They were old wallets with quiet histories, some tied to assets and tooling from an earlier Ethereum era.<\/p>\n<p>Over 260 ETH, roughly $600,000, was drained from hundreds of dormant wallets. More than 500 wallets appear to be affected, with losses totaling roughly $800,000, and many wallets have been idle for four to eight years. The related <a href=\"https:\/\/etherscan.io\/address\/0xA707034429c8E4E01df056C0CbCf478F0FBeFAd7\">Etherscan address<\/a> is labeled<code>Fake_Phishing2831105<\/code>, and shows 596 transactions, and records a 324.741 ETH movement to THORChain Router v4.1.1 around the Apr. 30 window.<\/p>\n<p>The constant across them is more important for now: long-idle wallets have been moved to a common destination, while the compromise path remains unresolved.<\/p>\n<p>That unresolved vector makes the drain the strongest warning this week, following a surge in DeFi hacks. Protocol exploits usually give investigators a contract, a function call, or a privileged transaction to inspect.<\/p>\n<p>Here, the central question sits at the wallet layer. Did someone obtain old seed phrases, crack weakly generated keys, use leaked private-key material, abuse a tool that once handled keys, or exploit another path that has yet to surface?<\/p>\n<p><a href=\"https:\/\/www.reddit.com\/r\/CryptoCurrency\/comments\/1t0f7fb\/dormant_ethereum_wallets_drained_in_mass_exploit\/\">Public discussion<\/a> has produced theories including weak entropy in legacy wallet tools, compromised mnemonics, trading-bot key handling, and LastPass-era seed storage. One affected user personally raised the LastPass theory.<\/p>\n<p>The practical advice for users is limited but urgent. Idleness does not mitigate private-key risk. A wallet with value depends on the full history of the key, the seed phrase, the device that generated it, the software that touched it, and every place that secret may have been stored.<\/p>\n<p>For users, the response is probably to inventory high-value old wallets, move funds only after setting up fresh key material through trusted hardware or modern wallet software, and avoid entering old seeds into checkers, scripts, or unfamiliar recovery tools. Revoking approvals helps for protocol exposure, including <a href=\"https:\/\/x.com\/wasabi_protocol\/status\/2049799232865874155?s=20\">Wasabi's user warning<\/a>, but a direct wallet drain points first to key security rather than token approvals.<\/p>\n<h2>April widened the control surface<\/h2>\n<p>The wallet cluster landed amid April's crypto exploit tally, which was already elevated. <a href=\"https:\/\/news.bitcoin.com\/defillama-confirms-april-2026-as-cryptos-most-hacked-month-with-30-incidents\/\">DefiLlama-linked reporting<\/a> put April at roughly 28 to 30 incidents and more than $625 million in stolen funds. As of May 1, the live <a href=\"https:\/\/api.llama.fi\/hacks\">DefiLlama API<\/a> showed 28 April incidents totaling $635,241,950.<\/p>\n<p>A May 1 <a href=\"https:\/\/x.com\/Smart_Money\/status\/2050154268401795217?s=20\">market thread<\/a> captured the pressure point: this week's wallet drains, Wasabi Protocol's admin-key exploit, and April's larger DeFi losses all hit control surfaces that ordinary users rarely inspect. The link across the month is architectural rather than attributional.<\/p>\n<p><a href=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49c096bd08191be09d89c104bd258.jpeg\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-534175 size-full\" src=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49c096bd08191be09d89c104bd258.jpeg\" alt=\"Timeline infographic showing April 2026 Drift, KelpDAO, Wasabi, and dormant Ethereum wallet incidents with loss amounts and hidden control points.\" width=\"1024\" height=\"1536\" srcset=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49c096bd08191be09d89c104bd258.jpeg 1024w, https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49c096bd08191be09d89c104bd258-200x300.jpeg 200w, https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49c096bd08191be09d89c104bd258-683x1024.jpeg 683w, https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49c096bd08191be09d89c104bd258-768x1152.jpeg 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n\n<div class=\"cs-article-embed\">\n    <a href=\"https:\/\/cryptoslate.com\/north-korea-stole-500m-from-crypto-in-18-days\/\" class=\"cs-article-embed__link\">\n                    <div class=\"cs-article-embed__media\">\n                <img src=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/04\/north-korea-exploit-team-1024x576.webp\" alt=\"North Korea hit crypto for $500M+ this month \u2014 and the $6.75 billion threat is not over yet\" loading=\"lazy\" decoding=\"async\">\n            <\/div>\n                <div class=\"cs-article-embed__body\">\n            <span class=\"cs-article-embed__related-reading\">Related Reading<\/span>\n            <h3 class=\"cs-article-embed__title\">North Korea hit crypto for $500M+ this month \u2014 and the $6.75 billion threat is not over yet<\/h3>\n                            <div class=\"cs-article-embed__summary\">Drift Protocol and KelpDAO were hit for roughly $286 million and $290 million as attackers targeted peripheral infrastructure.<\/div>\n                                        <div class=\"cs-article-embed__meta\">\n                                            <span class=\"cs-article-embed__meta-item\">Apr 21, 2026<\/span>\n                                                                <span class=\"cs-article-embed__meta-divider\">&middot;<\/span>\n                                                                <span class=\"cs-article-embed__meta-item\">Oluwapelumi Adejumo<\/span>\n                                    <\/div>\n                    <\/div>\n    <\/a>\n<\/div>\n\n<h2>Admin paths became attack paths<\/h2>\n<p><a href=\"https:\/\/news.bitcoin.com\/wasabi-protocol-loses-5m-after-attacker-seizes-deployer-admin-key-across-3-chains\/\">Wasabi Protocol<\/a> supplies the clearest recent protocol example. The Apr. 30 exploit reportedly drained roughly $4.5 million to $5.5 million after an attacker gained deployer\/admin authority, granted <code>ADMIN_ROLE<\/code> to attacker-controlled contracts, and used UUPS proxy upgrades to drain vaults and pools across Ethereum, Base, and Blast. <a href=\"https:\/\/twitter.com\/blockaid_\/status\/2049768426181104095\">Early security alerts<\/a> flagged the admin-upgrade pattern as the attack unfolded.<\/p>\n<p>The reported mechanics put key management at the center of the incident. Upgradeability can be normal maintenance infrastructure. Concentrated upgrade authority turns that maintenance path into a high-value target. If one deployer or privileged account can change implementation logic across chains, the boundary around an audited contract can vanish once that authority is compromised.<\/p>\n<p>That is the user-facing problem hidden inside many DeFi interfaces. A protocol can present open contracts, public front ends, and decentralization language while critical upgrade power still sits in a small set of operational keys.<\/p>\n<h2>Signers and verifiers carried the largest losses<\/h2>\n<p>Drift pushed the same control problem into signer workflow. <a href=\"https:\/\/www.chainalysis.com\/blog\/lessons-from-the-drift-hack\/\">Chainalysis described<\/a> social engineering, durable nonce transactions, fake collateral, oracle manipulation, and a zero-timelock 2-of-5 Security Council migration. <a href=\"https:\/\/blockaid.io\/blog\/285m-gone-how-blockaids-cosigner-could-have-protected-drift-protocol\">Blockaid put the loss<\/a> around $285 million and argued that transaction simulation and stricter co-signer policies could have changed the outcome.<\/p>\n<p>The Drift case matters here because the path did not depend on a simple public-function bug. It depended on a workflow where valid signatures and fast governance machinery could be turned toward a hostile migration. A signer process became the control surface.<\/p>\n\n<div class=\"cs-article-embed\">\n    <a href=\"https:\/\/cryptoslate.com\/drift-hack-stabble-crypto-insider-risk\/\" class=\"cs-article-embed__link\">\n                    <div class=\"cs-article-embed__media\">\n                <img src=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/04\/north-korean-hacker-1024x683.jpg\" alt=\"Compromised developers lying dormant within crypto projects risks next major crypto exploit\" loading=\"lazy\" decoding=\"async\">\n            <\/div>\n                <div class=\"cs-article-embed__body\">\n            <span class=\"cs-article-embed__related-reading\">Related Reading<\/span>\n            <h3 class=\"cs-article-embed__title\">Compromised developers lying dormant within crypto projects risks next major crypto exploit<\/h3>\n                            <div class=\"cs-article-embed__summary\">The bigger risk after Drift may be the access attackers gain before a protocol knows it has a problem.<\/div>\n                                        <div class=\"cs-article-embed__meta\">\n                                            <span class=\"cs-article-embed__meta-item\">Apr 8, 2026<\/span>\n                                                                <span class=\"cs-article-embed__meta-divider\">&middot;<\/span>\n                                                                <span class=\"cs-article-embed__meta-item\">Gino Matos<\/span>\n                                    <\/div>\n                    <\/div>\n    <\/a>\n<\/div>\n\n<p>KelpDAO moved the stress test into cross-chain verification. The <a href=\"https:\/\/layerzero.network\/blog\/kelpdao-incident-statement\">incident statement<\/a> described a bridge configuration in which the rsETH route used LayerZero Labs as the sole DVN verifier. Forensic reviews described compromised RPC nodes and DDoS pressure feeding false data to a <a href=\"https:\/\/www.blockaid.io\/blog\/how-a-single-layerzero-dvn-compromise-drained-292m-from-kelpdao\">single-point verification path<\/a>.<\/p>\n<p>The result, according to <a href=\"https:\/\/www.chainalysis.com\/blog\/kelpdao-bridge-exploit-april-2026\/\">Chainalysis<\/a>, was 116,500 rsETH, worth roughly $292 million, released against a non-existent burn. The token contract could remain intact while the bridge accepted a false premise. That is why a verifier failure can become a market-structure problem once the bridged asset sits inside lending markets and liquidity pools.<\/p>\n\n<div class=\"cs-article-embed\">\n    <a href=\"https:\/\/cryptoslate.com\/defi-lost-13b-this-month-as-the-kelpdao-rescue-shows-both-the-best-and-worst-of-defi\/\" class=\"cs-article-embed__link\">\n                    <div class=\"cs-article-embed__media\">\n                <img src=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/04\/defi-united-kepdao-1024x576.jpg\" alt=\"DeFi lost $13B this month as the KelpDAO rescue shows both the best and worst of DeFi\" loading=\"lazy\" decoding=\"async\">\n            <\/div>\n                <div class=\"cs-article-embed__body\">\n            <span class=\"cs-article-embed__related-reading\">Related Reading<\/span>\n            <h3 class=\"cs-article-embed__title\">DeFi lost $13B this month as the KelpDAO rescue shows both the best and worst of DeFi<\/h3>\n                            <div class=\"cs-article-embed__summary\">The rescue effort that has already lined up tens of thousands of ETH also exposes the uncomfortable reality that DeFi\u2019s biggest crises still depend on multiple factors.<\/div>\n                                        <div class=\"cs-article-embed__meta\">\n                                            <span class=\"cs-article-embed__meta-item\">Apr 26, 2026<\/span>\n                                                                <span class=\"cs-article-embed__meta-divider\">&middot;<\/span>\n                                                                <span class=\"cs-article-embed__meta-item\">Gino Matos<\/span>\n                                    <\/div>\n                    <\/div>\n    <\/a>\n<\/div>\n\n<h2>AI belongs in the speed discussion<\/h2>\n<p>I think <a href=\"https:\/\/www.anthropic.com\/glasswing\">Project Glasswing<\/a> deserves a special mention here for context, separate from causation. Anthropic says <a href=\"https:\/\/red.anthropic.com\/2026\/mythos-preview\/\">Claude Mythos Preview<\/a> found thousands of high-severity <a href=\"https:\/\/cryptoslate.com\/anthropic-mythos-can-hunt-crypto-smart-contract-flaws-at-machine-speed-and-billions-in-defi-may-vanish-fast\/\">software vulnerabilities<\/a> and shows how AI can compress vulnerability discovery. That raises the bar for defenders, but the causal record in these crypto incidents points to keys, signers, admin powers, bridge verification, RPC dependencies, and unresolved wallet exposure.<\/p>\n<p>The security implications are still serious. Faster discovery gives attackers and defenders more parallel surface to work through. It also makes old operational shortcuts more expensive because dormant secrets, privileged keys, and single-verifier paths can be tested faster than teams can manually review them.<\/p>\n<h2>The repair list is operational<\/h2>\n<p>The controls that follow from April sit above and around the codebase.<\/p>\n<table>\n<thead>\n<tr>\n<th>Incident<\/th>\n<th>Hidden control point<\/th>\n<th>Failure mode<\/th>\n<th>Practical control<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Dormant Ethereum wallets<\/td>\n<td>Old wallet material<\/td>\n<td>Funds moved from long-idle wallets into a tagged address while the vector remains unresolved<\/td>\n<td>Fresh key generation for valuable dormant funds, cautious migration, and no seed entry into unknown tools<\/td>\n<\/tr>\n<tr>\n<td>Wasabi<\/td>\n<td>Admin and upgrade authority<\/td>\n<td>Privileged role grants and UUPS upgrades enabled vault and pool drains<\/td>\n<td>Key rotation, stronger thresholds, bounded admin powers, timelocks, and independent monitoring of upgrade actions<\/td>\n<\/tr>\n<tr>\n<td>Drift<\/td>\n<td>Security Council signer workflow<\/td>\n<td>Pre-signed durable nonce transactions and zero-delay governance enabled fast admin takeover<\/td>\n<td>Higher thresholds, delay windows, transaction simulation, and policy-enforced co-signing<\/td>\n<\/tr>\n<tr>\n<td>KelpDAO<\/td>\n<td>Bridge verification path<\/td>\n<td>RPC poisoning and a 1-of-1 DVN route allowed a false cross-chain message to pass<\/td>\n<td>Multi-DVN verification, cross-chain invariant monitoring, and independent checks outside the same verifier path<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><a href=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49b5222ec8191b42ce41ce50a24a4.jpeg\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-534176 size-full\" src=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49b5222ec8191b42ce41ce50a24a4.jpeg\" alt=\"Control map infographic showing admin keys, signer workflows, bridge verifiers, and old wallet material with operational defenses and user checks.\" width=\"1000\" height=\"1573\" srcset=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49b5222ec8191b42ce41ce50a24a4.jpeg 1000w, https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49b5222ec8191b42ce41ce50a24a4-191x300.jpeg 191w, https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49b5222ec8191b42ce41ce50a24a4-651x1024.jpeg 651w, https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49b5222ec8191b42ce41ce50a24a4-768x1208.jpeg 768w, https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/ig_0a471476ce2b829c0169f49b5222ec8191b42ce41ce50a24a4-976x1536.jpeg 976w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/a><\/p>\n<p>For protocols, the priority is to reduce the amount that any single authority can do at once. That means time locks on admin operations, stronger and more stable signer thresholds, monitored privileged-transaction queues, explicit limits on parameter changes, and co-signing systems that simulate transaction effects before humans approve them.<\/p>\n<p>For bridges, the priority is independent verification and invariant checks. A cross-chain message should be tested against the economic fact it claims to represent. If rsETH leaves one side, the system should verify the corresponding state change on the other side before the destination side releases value. That monitoring needs to exist outside the same path that signs the message.<\/p>\n<p>For users, the repair list is smaller. Move valuable old funds to fresh keys through a process you already trust. Separate that action from protocol-specific approval cleanup. Treat every claim about the wallet-drain root cause as provisional until forensic work identifies a common tool, storage path, or exposure source.<\/p>\n<h2>The next test<\/h2>\n<p>April proved that the average user's security checklist is likely incomplete. Audits, public contracts, and decentralized interfaces can coexist with concentrated admin authority, weak signer procedures, brittle bridge verification, and old wallet secrets.<\/p>\n<p>The next quarter will reward proof over decentralization language: constrained upgrade powers, visible timelocks, independent verifier paths, transaction simulation for privileged actions, disciplined access controls, and documented key rotation.<\/p>\n<p>The dormant-wallet drains show the uncomfortable user-side version of the same problem. A system can look quiet while an old control failure waits in the background. April's exploit wave exposed that layer above the code; the next phase will show which teams treat it as core security before funds move.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hundreds of Ethereum wallets that had sat untouched for years were drained into the same tagged address, turning old key exposure into this week\u2019s sharpest crypto security warning. On Apr. 30, WazzCrypto flagged the incident affecting mainnet wallets on X, and their warning spread quickly because the affected accounts did not appear to be freshly [&hellip;]<\/p>\n","protected":false},"author":1264,"featured_media":534182,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[46940,77968,16041,79312,60206],"tags":[],"prediction_market_topic":[],"post_folder":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.9 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years<\/title>\n<meta name=\"description\" content=\"Hundreds of dormant Ethereum wallets were drained as April&#039;s crypto exploit wave exposed risks around old keys, admin powers, and bridges.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years\" \/>\n<meta property=\"og:description\" content=\"Hundreds of dormant Ethereum wallets were drained as April&#039;s crypto exploit wave exposed risks around old keys, admin powers, and bridges.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/\" \/>\n<meta property=\"og:site_name\" content=\"CryptoSlate\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-01T15:00:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-01T14:37:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/dormant-ethereum-wallet-drained.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Liam &#039;Akiba&#039; Wright\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@akibablade\" \/>\n<meta name=\"twitter:site\" content=\"@cryptoslate\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam 'Akiba' Wright\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/\"},\"author\":{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/#person\",\"name\":\"Liam 'Akiba' Wright\",\"url\":\"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/\"},\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/#authorimage\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam.jpg\",\"caption\":\"Liam 'Akiba' Wright\"},\"jobTitle\":\"Editor-in-Chief\",\"description\":\"Liam \u201cAkiba\u201d Wright is CryptoSlate\u2019s Editor-in-Chief, reporter and podcast producer, focused on decentralized tech\u2019s positive impact.\",\"worksFor\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"sameAs\":[\"https:\/\/www.akiba.gg\",\"https:\/\/x.com\/akibablade\",\"https:\/\/www.linkedin.com\/in\/liamandrewwright\",\"https:\/\/muckrack.com\/liam-wright\/articles\"]},\"headline\":\"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years\",\"datePublished\":\"2026-05-01T15:00:36+00:00\",\"dateModified\":\"2026-05-01T15:00:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/\"},\"wordCount\":1369,\"publisher\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"articleSection\":[\"DeFi\",\"Featured\",\"Hacks\",\"Market\",\"Wallets\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2026\",\"copyrightHolder\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/\",\"url\":\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/\",\"name\":\"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years\",\"isPartOf\":{\"@id\":\"https:\/\/cryptoslate.com\/#website\"},\"datePublished\":\"2026-05-01T15:00:36+00:00\",\"dateModified\":\"2026-05-01T15:00:36+00:00\",\"description\":\"Hundreds of dormant Ethereum wallets were drained as April's crypto exploit wave exposed risks around old keys, admin powers, and bridges.\",\"breadcrumb\":{\"@id\":\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cryptoslate.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cryptoslate.com\/#website\",\"url\":\"https:\/\/cryptoslate.com\/\",\"name\":\"CryptoSlate\",\"description\":\"Cryptocurrency News and Real-time Coin Data\",\"publisher\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"NewsMediaOrganization\",\"@id\":\"https:\/\/cryptoslate.com\/#organization\",\"name\":\"CryptoSlate\",\"url\":\"https:\/\/cryptoslate.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg\",\"width\":1000,\"height\":1000,\"caption\":\"CryptoSlate\"},\"image\":{\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/twitter.com\/cryptoslate\",\"https:\/\/www.instagram.com\/cryptoslate\",\"https:\/\/www.linkedin.com\/company\/cryptoslate\",\"https:\/\/www.youtube.com\/c\/cryptoslate\",\"https:\/\/cryptoslate.substack.com\",\"https:\/\/t.me\/cryptoslatenews\",\"https:\/\/www.crunchbase.com\/organization\/cryptoslate\",\"https:\/\/iq.wiki\/wiki\/cryptoslate\",\"https:\/\/news.google.com\/publications\/CAAqKggKIiRDQklTRlFnTWFoRUtEMk55ZVhCMGIzTnNZWFJsTG1OdmJTZ0FQAQ\",\"https:\/\/muckrack.com\/media-outlet\/cryptoslate\",\"https:\/\/www.tiktok.com\/@cryptoslatenews\"],\"publishingPrinciples\":\"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles\",\"ownershipFundingInfo\":\"https:\/\/cryptoslate.com\/disclaimers\/how-cryptoslate-makes-and-spends-money\/\",\"correctionsPolicy\":\"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback\",\"ethicsPolicy\":\"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles\",\"foundingDate\":\"2017-08-04\",\"founder\":[{\"@type\":\"Person\",\"name\":\"Nate Whitehill\"},{\"@type\":\"Person\",\"name\":\"Matthew Blancarte\"}],\"contactPoint\":[{\"@type\":\"ContactPoint\",\"contactType\":\"customer support\",\"url\":\"https:\/\/cryptoslate.com\/contact\/\",\"availableLanguage\":\"en-US\"},{\"@type\":\"ContactPoint\",\"contactType\":\"sales\",\"url\":\"https:\/\/cryptoslate.com\/advertising\/\",\"availableLanguage\":\"en-US\"},{\"@type\":\"ContactPoint\",\"contactType\":\"newsroom\",\"url\":\"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback\",\"email\":\"tips@cryptoslate.com\",\"availableLanguage\":\"en-US\"}],\"masthead\":\"https:\/\/cryptoslate.com\/about\/#masthead\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/person\/ea2b02b41a7478e18d903ca8eec4979e\",\"name\":\"Liam 'Akiba' Wright\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam-150x150.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam-150x150.jpg\",\"caption\":\"Liam 'Akiba' Wright\"},\"description\":\"Also known as \\\"Akiba,\\\" Liam Wright is the Editor-in-Chief at CryptoSlate and host of the SlateCast. He believes that together decentralized blockchain and AI technology have the potential to make widespread positive change.\",\"sameAs\":[\"https:\/\/www.akiba.gg\",\"https:\/\/www.instagram.com\/akibablade\",\"https:\/\/twitter.com\/akibablade\"],\"award\":[\"Most improved footballer - 1992\"],\"knowsAbout\":[\"Python\",\"Javascript\",\"PHP\",\"HTML\",\"Agentic Software\",\"Machine Learning\",\"2000s emo music\",\"Manchester United\"],\"knowsLanguage\":[\"English\",\"Spanish\"],\"url\":\"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years","description":"Hundreds of dormant Ethereum wallets were drained as April's crypto exploit wave exposed risks around old keys, admin powers, and bridges.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/","og_locale":"en_US","og_type":"article","og_title":"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years","og_description":"Hundreds of dormant Ethereum wallets were drained as April's crypto exploit wave exposed risks around old keys, admin powers, and bridges.","og_url":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/","og_site_name":"CryptoSlate","article_published_time":"2026-05-01T15:00:36+00:00","article_modified_time":"2026-05-01T14:37:39+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/05\/dormant-ethereum-wallet-drained.jpg","type":"image\/jpeg"}],"author":"Liam 'Akiba' Wright","twitter_card":"summary_large_image","twitter_creator":"@akibablade","twitter_site":"@cryptoslate","twitter_misc":{"Written by":"Liam 'Akiba' Wright","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/#article","isPartOf":{"@id":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/"},"author":{"@type":"Person","@id":"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/#person","name":"Liam 'Akiba' Wright","url":"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/","mainEntityOfPage":{"@id":"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/"},"image":{"@type":"ImageObject","@id":"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/#authorimage","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam.jpg","caption":"Liam 'Akiba' Wright"},"jobTitle":"Editor-in-Chief","description":"Liam \u201cAkiba\u201d Wright is CryptoSlate\u2019s Editor-in-Chief, reporter and podcast producer, focused on decentralized tech\u2019s positive impact.","worksFor":{"@id":"https:\/\/cryptoslate.com\/#organization"},"sameAs":["https:\/\/www.akiba.gg","https:\/\/x.com\/akibablade","https:\/\/www.linkedin.com\/in\/liamandrewwright","https:\/\/muckrack.com\/liam-wright\/articles"]},"headline":"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years","datePublished":"2026-05-01T15:00:36+00:00","dateModified":"2026-05-01T15:00:36+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/"},"wordCount":1369,"publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"articleSection":["DeFi","Featured","Hacks","Market","Wallets"],"inLanguage":"en-US","copyrightYear":"2026","copyrightHolder":{"@id":"https:\/\/cryptoslate.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/","url":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/","name":"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years","isPartOf":{"@id":"https:\/\/cryptoslate.com\/#website"},"datePublished":"2026-05-01T15:00:36+00:00","dateModified":"2026-05-01T15:00:36+00:00","description":"Hundreds of dormant Ethereum wallets were drained as April's crypto exploit wave exposed risks around old keys, admin powers, and bridges.","breadcrumb":{"@id":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cryptoslate.com\/someone-drained-long-forgotten-ethereum-wallets-and-the-cause-may-trace-back-years\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptoslate.com\/"},{"@type":"ListItem","position":2,"name":"Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years"}]},{"@type":"WebSite","@id":"https:\/\/cryptoslate.com\/#website","url":"https:\/\/cryptoslate.com\/","name":"CryptoSlate","description":"Cryptocurrency News and Real-time Coin Data","publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"inLanguage":"en-US"},{"@type":"NewsMediaOrganization","@id":"https:\/\/cryptoslate.com\/#organization","name":"CryptoSlate","url":"https:\/\/cryptoslate.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","width":1000,"height":1000,"caption":"CryptoSlate"},"image":{"@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/cryptoslate","https:\/\/www.instagram.com\/cryptoslate","https:\/\/www.linkedin.com\/company\/cryptoslate","https:\/\/www.youtube.com\/c\/cryptoslate","https:\/\/cryptoslate.substack.com","https:\/\/t.me\/cryptoslatenews","https:\/\/www.crunchbase.com\/organization\/cryptoslate","https:\/\/iq.wiki\/wiki\/cryptoslate","https:\/\/news.google.com\/publications\/CAAqKggKIiRDQklTRlFnTWFoRUtEMk55ZVhCMGIzTnNZWFJsTG1OdmJTZ0FQAQ","https:\/\/muckrack.com\/media-outlet\/cryptoslate","https:\/\/www.tiktok.com\/@cryptoslatenews"],"publishingPrinciples":"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles","ownershipFundingInfo":"https:\/\/cryptoslate.com\/disclaimers\/how-cryptoslate-makes-and-spends-money\/","correctionsPolicy":"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback","ethicsPolicy":"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles","foundingDate":"2017-08-04","founder":[{"@type":"Person","name":"Nate Whitehill"},{"@type":"Person","name":"Matthew Blancarte"}],"contactPoint":[{"@type":"ContactPoint","contactType":"customer support","url":"https:\/\/cryptoslate.com\/contact\/","availableLanguage":"en-US"},{"@type":"ContactPoint","contactType":"sales","url":"https:\/\/cryptoslate.com\/advertising\/","availableLanguage":"en-US"},{"@type":"ContactPoint","contactType":"newsroom","url":"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback","email":"tips@cryptoslate.com","availableLanguage":"en-US"}],"masthead":"https:\/\/cryptoslate.com\/about\/#masthead"},{"@type":"Person","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/ea2b02b41a7478e18d903ca8eec4979e","name":"Liam 'Akiba' Wright","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam-150x150.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/10\/about-liam-150x150.jpg","caption":"Liam 'Akiba' Wright"},"description":"Also known as \"Akiba,\" Liam Wright is the Editor-in-Chief at CryptoSlate and host of the SlateCast. He believes that together decentralized blockchain and AI technology have the potential to make widespread positive change.","sameAs":["https:\/\/www.akiba.gg","https:\/\/www.instagram.com\/akibablade","https:\/\/twitter.com\/akibablade"],"award":["Most improved footballer - 1992"],"knowsAbout":["Python","Javascript","PHP","HTML","Agentic Software","Machine Learning","2000s emo music","Manchester United"],"knowsLanguage":["English","Spanish"],"url":"https:\/\/cryptoslate.com\/author\/liam-akiba-wright\/"}]}},"_links":{"self":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/534165"}],"collection":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/users\/1264"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/comments?post=534165"}],"version-history":[{"count":4,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/534165\/revisions"}],"predecessor-version":[{"id":534184,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/534165\/revisions\/534184"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media\/534182"}],"wp:attachment":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media?parent=534165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/categories?post=534165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/tags?post=534165"},{"taxonomy":"prediction_market_topic","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/prediction_market_topic?post=534165"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/post_folder?post=534165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}